Communication, and concurrency with logic-based 
restriction inside a calculus of structures 



It is well known that we can use structural proof theory to refine, or generalize, existing
paradigmatic computational primitives, or to discover new ones. Under such a point
of view we keep developing a programme whose goal is establishing a correspondence
between proof-search of a logical system and computations in a process algebra. We give
a purely logical account of a process algebra operation which strictly includes the behavior
of restriction on actions we find in Milner CCS. This is possible inside a logical
system in the Calculus of Structures of Deep Inference endowed with a self-dual quantifier.
Using proof-search of cut-free proofs of such a logical system we show how to solve
reachability problems in a process algebra that subsumes a significant fragment of Milner
CCS.

1 Introduction 

This is a work in structural proof-theory which builds on [1, 4, 5, 6]. Broadly speaking we aim
at using structural proof theory to study primitives of paradigmatic programming languages, 
and to give evidence that some are the natural ones, while others, which we might be used 
to think of as "given once for all", can, in fact, be refined or generalized. In our case this 
means to keep developing the programme in [1] whose goal is establishing a correspondence 
between proof-search of a logical system, and computations in a process algebra. From [1],
we already know that both (i) sequential composition of Milner CCS Q gets modeled by 
the non commutative logical operator Seq of BV [2], which is the paradigmatic calculus of 
structures in Deep Inference, and (ii) parallel composition of Milner CCS gets modeled by the 
commutative logical operator Par of BV so that communication becomes logical annihilation. 
This is done under a logic-programming analogy. It says that the terms of a calculus $\mathcal{C}$ —
which is a fragment of Milner CCS in the case of [1] — correspond to formulas of a logical
system $\mathcal{L}$ — which is BV in the case of [1] — , and that computations inside $\mathcal{C}$ recast to
searching cut-free proofs in $\mathcal{L}$, as summarized in (1) here below.
Contributions. We show that in (1) we can take BVQ [4, 5, 6] for $\mathcal{L}$, and CCS spq for
$\mathcal{C}$. The system BVQ extends BV with a self-dual quantifier, while CCS spq is introduced
by this work (Section 6). The distinguishing aspect of CCS spq is its operational semantics
which subsumes the one of the fragment of Milner CCS that contains sequential, parallel, and
restriction operators, and which we identify as CCS spr . Specifically, the self-dual quantifier
of CCS spq allows to relax the operational semantics of the restriction operator in CCS spr
without getting to an inconsistent calculus of processes. This is a direct consequence of (the
analogue of) the cut-elimination property for BVQ [4, 5, 6].

The main step that allows to take BVQ for $\mathcal{L}$, and CCS spq for $\mathcal{C}$ is proving Soundness
of BVQ with respect to CCS spq (Section 8). The following example helps explaining what
Soundness amounts to. Let us suppose we want to observe what the following judgment
describes:

$$((a.b.E) \mid (\overline{a}.F))|_a \xrightarrow{\;b\;} (E \mid F)|_a \tag{2}$$

The process a.b.E can perform actions a, and b, in this order, before entering E. The other
process can perform $\overline{a}$ before entering F. In particular, a.b.E, and $\overline{a}.F$ internally communicate
when simultaneously firing a, and $\overline{a}$. In any case, firing on a, or $\overline{a}$, would remain private
because of the outermost restriction $\cdot|_a$ which hides both a, and $\overline{a}$ to the environment¹. The
action b is always observable because b differs from a. Of course, we might describe one of
the possible dynamic evolutions of (2) thanks to a suitable labeled transition system able to
develop a derivation like (3):



a.b.E — — >■ b.E a.F — — >■ F 

(a.b.E) | (a.F) — (b.E) | F 
e£ a 

((a.b.E) | (a.F))\ a — ((b.E) | F)\ a 

((a.b.E) | (a.F))\ a (E \ F)\ a 



Soundness says that instead of rewriting a.b.E to a.F, as in (3), we can (i) compile the whole
judgment $((a.b.E) \mid \overline{a}.F)|_a \xrightarrow{\;b\;} (E \mid F)|_a$ to a structure, say R, of BVQ, and (ii) search for a
cut-free proof, say of R, and (iii) if it exists, then Soundness assures that (2) holds. So,
in general, Soundness recasts the reachability problem "Is it true that $E \xrightarrow{\;\alpha\;} F$" to a problem
of proof search. Noticeably, the Soundness we prove poses weaker constraints on the form
of F than those we find in Soundness of [1]. Specifically, only the silent process 0
can be the target of the reachability problem in [1]. Here, F can belong to the set of simple
processes which contains 0. Intuitively, every simple process different from 0 is normal with
respect to internal communication, but is alive if we consider the external ones. Finally, from
a technical standpoint, our proof of Soundness is neatly decomposed in steps that make
it reusable for further extensions of both BVQ, and CCS spr .

Road map. Section 2 recalls BVQ and its symmetric version SBVQ mainly from [6]. Section 3
is about two proof-theoretical properties of BVQ which were not proved in [4, 5, 6]
but which Soundness relies on. The first one says that every Tensor-free derivation of BVQ
has at least a corresponding standard one. The second one supplies sufficient conditions for a

1 We write something related to Milner CCS. Indeed, hiding both a, and a in Milner CCS is ■ \i a m . 



b.E — -^E 

(b.E) | F — U- E\F (3) 
b£a 

((b.E) | F)L — U» (E | F)L 
structure of BVQ to be invertible, somewhat internalizing derivability of BVQ. Section 5 has
the pedagogical aim of showing, with many examples, why the derivations of BVQ embody
a computational meaning. Section 6 introduces CCS spq , namely the process calculus that
BVQ embodies. Section 7 first formalizes the connections between BVQ, and CCS spq . Then
it shows how computations inside the labeled transition system of CCS spq recast to proof-search
inside BVQ, justifying the need to prove Soundness. Section 8 proves Soundness,
starting with a pedagogical overview of what proving it means. Section 9 points to future
work, mainly focused on CCS spq.

2 Recalling the systems SBVQ and BVQ 

We briefly recall SBVQ, and BVQ from [6].

Structures. Let $a, b, c, \ldots$ denote the elements of a countable set of positive propositional
variables. Let $\overline{a}, \overline{b}, \overline{c}, \ldots$ denote the elements of a countable set of negative propositional
variables. The set of names, which we range over by $l$, $m$, and $n$, contains both positive, and
negative propositional variables, and nothing else. Let $\circ$ be a constant, different from any
name, which we call unit. The set of atoms contains both names and the unit, while the set
of structures identifies formulas of SBV. Structures belong to the language of the grammar
in (4).

$$R ::= \circ \mid l \mid \overline{R} \mid (R \otimes R) \mid \langle R \triangleleft R \rangle \mid [R \parr R] \mid \lceil R \rfloor_a \tag{4}$$

We use R, T, U, V to range over structures, in which $\overline{R}$ is a Not, $(R \otimes T)$ is a CoPar, $\langle R \triangleleft T \rangle$ is
a Seq, $[R \parr T]$ is a Par, and $\lceil R \rfloor_a$ is a self-dual quantifier Sdq, which comes with the proviso
that a must be a positive atom. Namely, $\lceil R \rfloor_{\overline{a}}$ is not in the syntax. Sdq induces obvious
notions of free, and bound names [6].

Size of the structures. The size $|R|$ of R is the number of occurrences of atoms in R plus
the number of occurrences of Sdq that effectively bind an atom. For example, $|[a \parr \overline{a}]| =
|\lceil [a \parr \overline{a}] \rfloor_b| = 2$, while $|\lceil [a \parr \overline{a}] \rfloor_a| = 3$.

(Structure) Contexts. We denote them by $S\{\ \}$. A context is a structure with a single
hole $\{\ \}$ in it. If $S\{R\}$, then R is a substructure of S. We shall tend to shorten $S\{[R \parr U]\}$ as
$S[R \parr U]$ when $[R \parr U]$ fills the hole $\{\ \}$ of $S\{\ \}$ exactly.

Congruence $\approx$ on structures. Structures are partitioned by the smallest congruence $\approx$ we
obtain as reflexive, symmetric, transitive and contextual closure of the relation $\sim$ whose defining
clauses are (5), through (21) here below.
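Negation

  (5)  $\overline{\circ} \sim \circ$
  (6)  $\overline{\overline{R}} \sim R$
  (7)  $\overline{[R \parr T]} \sim (\overline{R} \otimes \overline{T})$
  (8)  $\overline{(R \otimes T)} \sim [\overline{R} \parr \overline{T}]$
  (9)  $\overline{\langle R \triangleleft T \rangle} \sim \langle \overline{R} \triangleleft \overline{T} \rangle$
  (10) $\overline{\lceil R \rfloor_a} \sim \lceil \overline{R} \rfloor_a$

Symmetry

  (11) $[R \parr T] \sim [T \parr R]$
  (12) $(R \otimes T) \sim (T \otimes R)$

Associativity

  (13) $(R \otimes (T \otimes V)) \sim ((R \otimes T) \otimes V)$
  (14) $\langle R \triangleleft \langle T \triangleleft V \rangle \rangle \sim \langle \langle R \triangleleft T \rangle \triangleleft V \rangle$
  (15) $[R \parr [T \parr V]] \sim [[R \parr T] \parr V]$

Unit

  (16) $(\circ \otimes R) \sim R$
  (17) $\langle \circ \triangleleft R \rangle \sim \langle R \triangleleft \circ \rangle \sim R$
  (18) $[\circ \parr R] \sim R$

α-rule

  (19) $\lceil R \rfloor_a \sim R$ if $a \notin \mathrm{fn}(R)$
  (20) $\lceil R\{a/b\} \rfloor_a \sim \lceil R \rfloor_b$ if $a \notin \mathrm{fn}(R)$
  (21) $\lceil \lceil R \rfloor_b \rfloor_a \sim \lceil \lceil R \rfloor_a \rfloor_b$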



Contextual closure means that $S\{R\} \approx S\{T\}$ whenever $R \approx T$. Thanks to (21), we abbreviate
$\lceil \cdots \lceil R \rfloor_{a_1} \cdots \rfloor_{a_n}$ as $\lceil R \rfloor_{\vec{a}}$, where we may also interpret $\vec{a}$ as one of the permutations of
$a_1, \ldots, a_n$.



Canonical structures. We inspire to the normal forms of [2] to define structures in canonical
form inside SBVQ. Canonical structures will be used to define environment structures
(Section 7, page 14). A structure R is canonical when either it is the unit $\circ$, or the following
four conditions hold: (i) the only negated structures appearing in R are negative propositional
variables, (ii) no unit $\circ$ appears in R, but at least one name occurs in it, (iii) the nesting of
occurrences of Par, Tensor, Seq, and Sdq build a right-recursive syntax tree of R, and (iv)
no occurrences of Sdq can be eliminated from R, while maintaining the equivalence.

Example 2.1 (Canonical structures) The structure [(a ® b) *B [cj c ] is not canonical, but it is 
equivalent to the canonical one [a >8 (b ® [c] c )] whose syntax tree is right-recursive. Other 
non canonical structures are [a 'S (o ® b)], and ([a V (o ® b)] ® (o < b)), and [a *s (b ® TcJi/)]- 
The first two are equivalent to (a (8 b) which, instead, is canonical. Finally, also [a *8 o] is not 
canonical, equivalent to the canonical one a. 

Fact 2.2 (Normalization to canonical structures) Given a structure R: (i) negations can move
inward to atoms, and, possibly, disappear, thanks to (5), . . . , (10), (ii) units can be removed
thanks to (16), . . . , (18), and (iii) brackets can move rightward by (13), . . . , (15).

So, for every R we can take the equivalent canonical structure which is either $\circ$, or different
from $\circ$.

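The system SBVQ. It contains the set of inference rules in (22) here below. Every rule has
form $\rho\,\dfrac{T}{R}$, name $\rho$, premise T, and conclusion R.

$$\mathsf{ai}{\downarrow}\,\frac{\circ}{[a \parr \overline{a}]} \qquad \mathsf{ai}{\uparrow}\,\frac{(a \otimes \overline{a})}{\circ}$$

$$\mathsf{q}{\downarrow}\,\frac{\langle [R \parr U] \triangleleft [T \parr V] \rangle}{[\langle R \triangleleft T \rangle \parr \langle U \triangleleft V \rangle]} \qquad \mathsf{s}\,\frac{([R \parr T] \otimes U)}{[(R \otimes U) \parr T]} \qquad \mathsf{q}{\uparrow}\,\frac{(\langle R \triangleleft T \rangle \otimes \langle U \triangleleft V \rangle)}{\langle (R \otimes U) \triangleleft (T \otimes V) \rangle} \tag{22}$$

$$\mathsf{u}{\downarrow}\,\frac{\lceil [R \parr U] \rfloor_a}{[\lceil R \rfloor_a \parr \lceil U \rfloor_a]} \qquad \mathsf{u}{\uparrow}\,\frac{(\lceil R \rfloor_a \otimes \lceil U \rfloor_a)}{\lceil (R \otimes U) \rfloor_a}$$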



Derivations vs. proofs. A derivation in SBVQ is either a structure or an instance of the 
above rules or a sequence of two derivations. Both and S will range over derivations. The 
topmost structure in a derivation is its premise. The bottommost is its conclusion. The length 
of a derivation *3> is the number of rule instances in <3. A derivation 3 of a structure in 

T 

SBVQ from a structure T in SBVQ, only using a subset B c SBVQ is ®||b. The equivalent 

T R 
space-saving form is S> : T \~ B R. The derivation @||Bis a proof whenever T as o. We denote it 

R 

as ^||b, or " or £r : h B R. Both and ^ will range over proofs. In general, we shall drop 
R 

T 

B when clear from the context. In a derivation, we write pu...,p m ,n u ...,n p =, whenever we use 

R 

the rules pi,... ,p m to derive R from T with the help of ni, . . . ,n p instances of ©, . . . , (fT2t . 
To avoid cluttering derivations, whenever possible, we shall tend to omit the use of negation
axioms (5), . . . , (10), associativity axioms (13), (14), (15), and symmetry axioms (11), (12).
This means we avoid writing all brackets, as in $[R \parr [T \parr U]]$, in favor of $[R \parr T \parr U]$, for
example. Finally if, for example, q > 1 instances of some axiom («) of (0, . . . , (l2Tb occurs 
among n\,..., n p , then we write {n) q . 

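Up and down fragments of SBVQ. The set $\{\mathsf{ai}{\downarrow}, \mathsf{s}, \mathsf{q}{\downarrow}, \mathsf{u}{\downarrow}\}$ is the down fragment BVQ of
SBVQ. The up fragment is $\{\mathsf{ai}{\uparrow}, \mathsf{s}, \mathsf{q}{\uparrow}, \mathsf{u}{\uparrow}\}$. So $\mathsf{s}$ belongs to both.

Corollary 2.3 ([1, 6]) The up-fragment $\{\mathsf{ai}{\uparrow}, \mathsf{q}{\uparrow}, \mathsf{u}{\uparrow}\}$ of SBVQ is admissible for BVQ. This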
means that we can transform any proof : H SBVQ R into a proof J? : h BVQ R free of every 
occurrence of rules that belong to the up-fragment of SBVQ. 

Remark 2.4 Thanks to Corollary 2.3 we shall always focus on the up-fragment BVQ of
SBVQ.



3 Standardization inside a fragment of BVQ 

Taken a derivation $\mathcal{D}$ of BVQ, standardization reorganizes $\mathcal{D}$ into another derivation $\mathcal{E}$ with
the same premise, and conclusion, as $\mathcal{D}$. The order of application of the instances of $\mathsf{ai}{\downarrow}$ in
$\mathcal{E}$ satisfies a specific, given constraint which some examples illustrate. Standardization in
BVQ is one of the properties we need to recast reachability problems in a suitable calculus of
communicating, and concurrent processes, to proof-search inside (a fragment) of BVQ.

Example 3.1 (Standard derivations of BVQ) Both (23), and (24) here below are standard
derivations of the same conclusion $[\langle a \triangleleft R \rangle \parr \langle b \triangleleft T \rangle \parr \langle \overline{a} \triangleleft \overline{b} \rangle]$ from the same premise $[R \parr T]$.
„ [R V T]

[171 - 

(°<<°<[«i?r]» 

ail = 

(° ' ([b s(j]'[its r]>> 

_ ([u«3]>([H4]<[«S7'])) 

[j? ■? r] nu - 

ail.[i7].[II] = ([»««]<{[« >S 6 >S b\ ' [R >s r]» 

[« V <[6 >S 6] - [o <g T])] ql 



ql = ([a>ga\*[(°<R)>3{[b>9bhT)l) 

[R <s (b - o) >g {b - T)] M - 

EH (23) _ ([a«51.[«i!([Ht].r}]) (24) 

[R «■ i> «■ (b - T)] UW - 

ail _ = ([[a <S 77] <S o] - [fi <g ([b <g b] - [o -s r]>]> 

[<[« « 77] - [« v 6]> « <6 - r>] qi = 

ql — — _([[a'9a\>8o]<[R>8(b<o)>9{b<T)]) 

[(a<R)^S(b<T)'g(a<b)} EH = _ : rD , , T = 

{[a 1 a <9 o] < [R >s b V (b - T)]) 

qi- 



[([««» - i? o. t.J- 

En 

[<[« -S 77] - [fi S 6]) >s <6 - r>] 

ql = 

[(a<R)>8 (b-T)'S (ci'b)] 



They are standard because every occurrence of $\mathsf{ai}{\downarrow}$ does not appear to the right-hand side of
an instance of Seq.

Remark 3.2 (Proof-theoretical meaning of standardization) Standardization says that (i) any
of the structures inside R, and T of $\langle R \triangleleft T \rangle$ will never interact, and (ii) all the interactions inside
R must occur before the interactions inside T.

Our goal is to show that we can transform a sufficiently large set of derivations in BVQ into
standard ones. We start by supplying the main definitions.

Right-contexts. We rephrase, inductively, and extend to BVQ the namesake definition in
[1]. The following grammar generates right-contexts which we denote as $S\{\ \}^{\mathsf{L}}$.

$$S\{\ \}^{\mathsf{L}} ::= \{\ \} \mid \langle S'\{\ \}^{\mathsf{L}} \triangleleft R \rangle \mid [S'\{\ \}^{\mathsf{L}} \parr R] \mid (S'\{\ \}^{\mathsf{L}} \otimes R) \mid (R \otimes S'\{\ \}^{\mathsf{L}}) \mid [R \parr S'\{\ \}^{\mathsf{L}}] \mid \lceil S'\{\ \}^{\mathsf{L}} \rfloor_a \tag{25}$$

Example 3.3 (Right-contexts) A right-context is $[a \parr \lceil [b \parr \langle \{\ \} \triangleleft c \triangleleft d \rangle] \rfloor_c]$.
Instead, $[a \parr \lceil [b \parr \langle c \triangleleft \{\ \} \triangleleft d \rangle] \rfloor_c]$ is not.

Left atomic interaction. Recalling it from [1], the left atomic interaction is:



atli_ (26) 

S[a>9 a] L 



Example 3.4 (Some left atomic interaction instances) Let three proofs of BVQ be given: 



ail _ atli. — atlL 



[b *3b\ [b>3 b] [a <9 a] 

03 (27) 03 (28) 03 (29) 

<o < [b v b]) {o<[bs b]) ([a S a\ < o) 

ail _ atiL _ ail =— 

([a <s a] < [b <s b]) ([a >s> a] < [b ■» b]) ([a w]<[is b]) 






The two occurrences of $\mathsf{ai}{\downarrow}$ in (27) can correctly be seen as two instances of $\mathsf{at}{\downarrow}\mathsf{L}$, as outlined
by (28). Instead, the occurrence of $\mathsf{ai}{\downarrow}$ in (29) cannot be seen as an instance of $\mathsf{at}{\downarrow}\mathsf{L}$ as it
occurs to the right of Seq, namely in the context $\langle [a \parr \overline{a}] \triangleleft \{\ \} \rangle$ which is not in (25).

Fact 3.5 By definition, every occurrence of $\mathsf{at}{\downarrow}\mathsf{L}$ is one of $\mathsf{ai}{\downarrow}$. The vice versa is false.

Standard derivations of BVQ. Let R, and T be structures. A derivation $\mathcal{D} : T \vdash_{\mathsf{BVQ}} R$
is standard whenever all the atomic interactions that $\mathcal{D}$ contains can be labeled as $\mathsf{at}{\downarrow}\mathsf{L}$. We
notice that nothing forbids $T \approx \circ$.

3.1 Standardization

We reorganize derivations of $\{\mathsf{at}{\downarrow}\mathsf{L}, \mathsf{ai}{\downarrow}, \mathsf{q}{\downarrow}, \mathsf{u}{\downarrow}\} \subset$ BVQ which operate on Tensor-free structures
only.

Tensor-free structures. By definition, R in BVQ is Tensor-free whenever it does not contain
$(R_1 \otimes \cdots \otimes R_n)$, for any $R_1, \ldots, R_n$, and $n > 1$.

Our goal is to prove the following theorem, inspiring to the standardization in [1]:

Theorem 3.6 (Standardization in $\{\mathsf{at}{\downarrow}\mathsf{L}, \mathsf{ai}{\downarrow}, \mathsf{q}{\downarrow}, \mathsf{u}{\downarrow}\}$) Let T, and R be Tensor-free. For every
f : T h, „!i „i /?, there is a standard derivation S : T k. „,,,,,/?. 

Its proof relies on the coming lemmas, and proposition.

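Lemma 3.7 (Existence of $\mathsf{at}{\downarrow}\mathsf{L}$) The topmost instance of $\mathsf{ai}{\downarrow}$ in a proof $\mathcal{P} : \vdash_{\mathsf{BVQ}} R$ is always
an instance of $\mathsf{at}{\downarrow}\mathsf{L}$.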

sf{aUL,q4.,u|} 

... 

ri 

Proof Let & be S[a>8a] with ail* its topmost instance of ail which cannot be 
||bvq 
R 

relabeled as atlL. By contraction, let us assume S{ } be a non right-context, namely S{ } * 
S'(T <S"{ }) for some S'{ },S"{ }, and T such thatr # o. In this case, to let the names of 

^lf{atiu,ql,ui) 

T, and, may be, those ones of S "{o}, to disappear from ... we would have 

S'(T <S"[a'8a]} 

to apply at least one instance of ail which would occur in £2, against our assumption on the 
position of ail*. 

Lemma 3.8 (Commuting conversions in {atlL, ail, ql, ul}) Let/?, T, and S{o] be Tensor-free. 

T 



Also, let p e {atlL, ql, ul). Finally, let & be S [a >s o] L , where ail* is the topmost occur- 

ai|" - 



R 



T 

ail* — 



rence of ail which is not atlL. Then, there is , where V, and all the structures 

@||(at|L,aii,ql,ul) 

R 

of @ are Tensor-free, and ail* may be an instance of atlL. 
Proof The proof is, first, by cases on $\rho$, and, then, by cases on $S[a \parr \overline{a}]^{\mathsf{L}}$. Fixed $S[a \parr \overline{a}]^{\mathsf{L}}$,
the proof is by cases on R which must contain a redex of $\mathsf{ai}{\downarrow}$, $\mathsf{q}{\downarrow}$, or $\mathsf{u}{\downarrow}$, that, after $\mathsf{ai}{\downarrow}^{*}$, leads
to the chosen $S[a \parr \overline{a}]^{\mathsf{L}}$. (Appendix A)

T 

®"\\ 
V 

Proposition 3.9 (One-step standardization in {atL., ail., ql, ul}) Let air — be a derivation in 

R 

jatlL, ail, ql, ul) such that ail* is the topmost instance of ail. There exists a derivation S : 
T h (at|Laiiq|u|| ^ where ail* has been eventually moved upward to transform it into an 
instance of atL.. 

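Proof Let n be the number of rules in $\mathcal{D}''$. If $U \approx S[a \parr \overline{a}]^{\mathsf{L}}$, with $[a \parr \overline{a}]$ the redex of $\mathsf{ai}{\downarrow}^{*}$,
then $\mathsf{ai}{\downarrow}^{*}$ is already an instance of $\mathsf{at}{\downarrow}\mathsf{L}$, and we are done. Otherwise, we can apply Lemma
3.8 moving $\mathsf{ai}{\downarrow}^{*}$ one step upward, getting to $\mathcal{E} : T \vdash_{\{\mathsf{at}{\downarrow}\mathsf{L}, \mathsf{ai}{\downarrow}, \mathsf{q}{\downarrow}, \mathsf{u}{\downarrow}\}} R$, where $\mathsf{ai}{\downarrow}^{*}$ is no more
than n - 1 rules far from T. An obvious inductive argument allows to conclude thanks to
Lemma 3.7.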

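Proof of Theorem 3.6 Let $X_{\mathcal{D}}$ be the set of all instances of $\mathsf{ai}{\downarrow}$ in $\mathcal{D}$, that can be directly
seen as instances of $\mathsf{at}{\downarrow}\mathsf{L}$, and $Y_{\mathcal{D}}$ the set of all other instances of $\mathsf{ai}{\downarrow}$ in $\mathcal{D}$. If $Y_{\mathcal{D}} = \emptyset$ we
are done because $\mathcal{E}$ is $\mathcal{D}$ where every instance of $\mathsf{ai}{\downarrow}$ in $X_{\mathcal{D}}$, if any, can be directly relabeled
as $\mathsf{at}{\downarrow}\mathsf{L}$. Otherwise, let us pick the topmost occurrence of $\mathsf{ai}{\downarrow}$ in $\mathcal{D}$ out of $Y_{\mathcal{D}}$, and apply
Proposition 3.9 to it. We get $\mathcal{E} : T \vdash_{\{\mathsf{at}{\downarrow}\mathsf{L}, \mathsf{q}{\downarrow}, \mathsf{u}{\downarrow}\}} R$, whose set $Y_{\mathcal{E}}$ is strictly smaller than $Y_{\mathcal{D}}$.
An obvious inductive argument allows to conclude.

Standard fragment BVQl of BVQ. After Theorem 3.6 it is sensible defining BVQl as
$\{\mathsf{at}{\downarrow}\mathsf{L}, \mathsf{q}{\downarrow}, \mathsf{u}{\downarrow}\} \subset$ BVQ whose derivations contain Tensor-free only structures.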

4 Internalizing derivability of BVQ 

Roughly, internalizing derivability in BVQ shows when we can "discharge assumptions". It 
is another of the properties we need to recast reachability problems in a suitable calculus of 
communicating, and concurrent processes, to proof-search inside (a fragment) of BVQ. The 
internalization links to the notion of invertible structures. 

Invertible, and co-invertible structures. We define them in (30) here below.

I ^ 

SP BVQ II 

T is invertible whenever II implies ® bvq, for every T, and P (30) 



If T is invertible, then, by definition, T is co-invertible. 

Remark 4.1 Clearly, definition (30) here above omits the implication "If $\mathcal{D} : T \vdash_{\mathsf{BVQ}} P$, then
$\mathcal{P} : \vdash_{\mathsf{BVQ}} [T \parr P]$" on purpose. It always holds because $\mathsf{i}{\downarrow}$ is derivable in BVQ. Moreover,
our invertible structures inspire to the namesake concept in [8].

The following proposition gives sufficient conditions for a structure to be invertible.

Proposition 4.2 (A language of invertible structures) The following grammar (31) generates
invertible structures.

$$T ::= \circ \mid [l_1 \parr \cdots \parr l_n] \mid (T \otimes T) \mid \langle T \triangleleft T \rangle \mid \lceil T \rfloor_a \tag{31}$$

where $n > 0$, and, for every $1 \le i, j \le n$, if $i \neq j$ then $l_i \neq \overline{l_j}$.

Proof Let $\mathcal{P} : \vdash_{\mathsf{BVQ}} [T \parr P]$ be given with T in (31). We reason by induction on $|[T \parr P]|$,
and we build $\mathcal{D}$ of (30), proceeding by cases on T. (Details in Appendix B)



5 Intermezzo 

We keep the content of this section at an intuitive level. We describe how structures of BVQ 
model terms in a language whose syntax is not formally identified yet, but which is related to 
the one of Milner CCS. 

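Example 5.1 (Modeling internal communication inside BVQ) Derivations of BVQ model
internal communication if we look at structures of BVQ as they were terms of Milner CCS,
as in [1]. Let us focus on (32) here below.

$$\begin{array}{rl}
 & [E \parr F] \\ \hline
 & \langle \circ \triangleleft [E \parr F] \rangle \\ \hline
\mathsf{ai}{\downarrow} & \langle [a \parr \overline{a}] \triangleleft [E \parr F] \rangle \\ \hline
\mathsf{q}{\downarrow} & [\langle a \triangleleft E \rangle \parr \langle \overline{a} \triangleleft F \rangle]
\end{array} \tag{32}$$

$$\frac{a.E \longrightarrow E \qquad \overline{a}.F \longrightarrow F}{a.E \mid \overline{a}.F \longrightarrow E \mid F} \tag{33}$$

The instance of $\mathsf{q}{\downarrow}$ moves atoms a, and $\overline{a}$, one aside the other, and $\mathsf{ai}{\downarrow}$ annihilates them.
Annihilation can be seen as an internal communication between the two components $\langle a \triangleleft E \rangle$,
and $\langle \overline{a} \triangleleft F \rangle$ of the structure $[\langle a \triangleleft E \rangle \parr \langle \overline{a} \triangleleft F \rangle]$. The usual way to formalize such an internal
communication is (33), derivation that belongs to the labeled transition system of Milner
CCS. The sequential composition of (33) stands for Seq, parallel composition for Par, and
both E, and F in (32) are represented by corresponding processes E, and F in (33).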



Example 5.2 (Modeling external communication inside BVQ) Derivations of BVQ model
external communication if we look at structures of BVQ as they were terms of Milner CCS,
as in [1]. Let us focus on (34) here below.



n3.cu 



aij - 



<o<[£>ffo]> 



([a >s a] < [E >s o]> 
[(a <E)>sa] 



(34) 



a.E 



(35) 



We look at $[\langle a \triangleleft E \rangle \parr \overline{a}]$ as containing two sub-structures with different meaning. The structure
$\langle a \triangleleft E \rangle$ corresponds to the process a.E. Instead, $\overline{a}$ can be seen as an action of the context
"around" $\langle a \triangleleft E \rangle$. This means that (32) formalizes Milner CCS derivation (33).

Remark 5.3 ("Processes", and "contexts" are first-citizens) The structure $[\langle a \triangleleft E \rangle \parr \overline{a}]$ is equivalent
to $[\langle a \triangleleft E \rangle \parr \langle \overline{a} \triangleleft \circ \rangle]$ in (34). This highlights a first difference between modeling the
communication by means of (a sub-system of) BVQ, rather than with Milner CCS. This
latter constantly separates terms from the contexts they interact with. Instead, the structures
of BVQ make no difference, and represent contexts as first-citizens. Namely, choosing which
structures are the "real processes", and which are "contexts" is, somewhat, only a matter of
taste. Specifically, in our case, we could have said that $\langle \overline{a} \triangleleft \circ \rangle$ represents the process $\overline{a}.0$,
rather than the context.

Example 5.4 (Hiding communication) Derivations in BVQ model hidden communications
of Milner CCS thanks to Sdq. So, we strictly extend the correspondence between a DI
system and Milner CCS, as given in [1]. We build on Example 5.2 placing an instance of
Sdq around every of the two components of $[\langle a \triangleleft E \rangle \parr \overline{a}]$ in (34).



_ \E\ a 








m 








r<°<£>j. 












a.E — E 




l{[a>?a]«E)] a 


(36) 




(37) 


G3.qi.QI] 

\[(a <E)^a\\ a 




(a.E)\ a — ^s- E\ a 












[\(a«E)\ a v[a\a\ 









We can look at Sdq, which binds a, and $\overline{a}$ as restricting the visibility of the communication.
The derivation in the labeled transition system of Milner CCS that models (36) is (37).

Example 5.5 (More freedom inside BVQ) Inside [(a < E) >8 (a < (b < (c < F))) ^ {b < (c < F»], 
of (l38l l among others, we can identify the "processes" G\ = (a < E), G2 = (a <(b<(c < F))), 
G 3 = (b<(c< F)), and G 4 = (b < (c < F»: 



E 

m^= 

(o<E) 

aij. 

([a >sa]<E) 

' ([a*sS\<[E>s (b«{-<F))v (b < (c < F»]> 
OH - — = 

([a >sa>?o]<[E>g(b<(c<F))>s (b < (c < F»]> 

^ [([a >Sa]<lE>s(b<(-<F))])v{o<(b« (c < F)»] 
[<[a >sa]<[E'8(b<(c« F))]) g (b < (c < F»] 
ql [(a «E)>s<a«(b<{c<F))}>g (b < (c < F»] 



The lowermost instance of q| predisposes G\, and G2 to an interaction through a, and a. 
However, only the instance of ai| makes the interaction effective. Before that, the instance of 
i| identifies G\ as the negation of G3, and annihilates them in a whole. So, d38l l suggests that 
modeling process computations inside BVQ may result more flexible than usual, because it 
introduces a notion of "negation of a process" which sounds as a higher-order ingredient of 
proof-search-as-computation. 

6 Communication, and concurrency with logic restriction 

The correspondences Section 5 highlights, justify the introduction of a calculus of processes
which we identify as CCS spq . Specifically, CCS spq is a calculus of communicating, and
concurrent processes, with a logic-based restriction, whose operational semantics is driven
by the logical behavior of $\mathsf{u}{\downarrow}$ rule.
Remark 6.1 (CCS spq vs. Milner CCS) It will turn out that CCS spq is not Milner CCS E) .
The concluding Section 9 will discuss this.

Actions on terms of CCS spq . Let $a, b, c, \ldots$ denote the elements of a countable set of
names, and let $\overline{a}, \overline{b}, \overline{c}, \ldots$ denote the elements of a countable set of co-names. The set of
labels, which we range over by $l$, $m$, and $n$ contains both names, and co-names, and nothing
else. Let $\epsilon$ be the silent, or perfect action, different from any name, and co-name. The (set of)
sequences of actions contains equivalence classes defined on the language that (39) yields:



s::= e | I | 1 | s;s (39) 



By definition, the equivalence relation (40) here below induces the congruence $\approx$ on (39).













6 ~ 6 


a ~ a 


s ; s' ~ s ; s' 


e;s~s 


(40) 



We shall use $\alpha$, $\beta$, and $\gamma$ to range over the elements in the set of actions sequences.



Processes of CCS spq . The terms of CCS spq , i.e. processes, belong to the language of the
grammar (41) here below.

$$E ::= 0 \mid l.E \mid (E \mid E) \mid E|_a \tag{41}$$

We use E, F, G, and H to range over processes. The inactive process is 0, the parallel composition
of E, and F is $E \mid F$. The sequential composition $l.E$ sets the occurrence of the action
prefix $l$ before the occurrence of E. Logic restriction $E|_a$ hides all, and only, the occurrences
of a, and $\overline{a}$, inside E, which becomes invisible outside E.

Size of processes. The size \E\ of E is the number of symbols of E. 



Congruence on processes of CCS spq . We partition the processes of CCS spq up to the
smallest congruence which, by abusing notation, we keep calling $\approx$, and which we obtain
as reflexive, transitive, and contextual closure of the relation (42) here below.



a ~ a 


E | 


~ E 


E | F 


~ F\E 


E | (F | G) 


~(E\F)\G 


(42) 




E\„\ a 


~ £1.1* 


(E{%m 


~E\ a 


E\ a 


~ Eif a t fn(£) 



In (42) (i) $E\{a/b\}$ denotes a standard clash-free substitution of a for both b, and $\overline{b}$ in E that
we can define as usual, and (ii) fn(·) is the set of free-names of a term in CCS spq , whose
definition, again, is the obvious one. Namely, neither a, nor $\overline{a}$ belong to the set $\mathrm{fn}(E|_a)$.

Labeled transition system of CCS spq . Its rules are in (43), and they justify why CCS spq
is not Milner CCS.
IE — -^E



— E' F — F' 
E | F — € —^ E' | F' 



E | F — ^-s> F' | F' - E\F — E'\F' 
(a € [b, b}) Pe (a £ {b, b\) (43) 

F| fc I F\b — F' It I F'h, £|* I FU — ^ F' |» | F' | t 

£ — F F — F' F' - > G' 



^E E \G—^F\G 



G 



In (43), the rule a implements external communication, by firing the action prefix $l$, as usual.
The rule c implements internal communication, annihilating two complementary actions. The
rules $p_i$, and $p_e$ allow processes, one aside the other, to communicate, even when both are
inside a logic restriction. This is a consequence of the logical nature of Sdq, which binds
names, and co-names, up to their renaming, indeed. The rule ctx leaves processes, one aside
the other, to evolve independently. Finally, rfl makes the relation reflexive.

Example 6.2 (Using the labeled transition system) As a first example, we rewrite $((a.b.E) \mid
\overline{a}.F)|_a$ to $(E \mid F)|_a$, observing the action b, as follows:



j.b.E — > b.E a.F 



b.E 



(a.b.E) I a.F I a (a.b.E) | a.F — > (b.E) | F s (b.E) \F\0 b.E \ F \0 * b.E \ F ^ E \ F *s E \ F \0 

i em a Pe b m a 

((a.b.E) | a.F)\ a a ((a.b.E) | a.F)\ a | 0| o — > (b.E \ F)\„ | 0|„ (b.E | F)|„ | 0|„ — -> (E | F)\„ | 0|„ a (E | F)\„ 

(44) 



((a.b.E) | a.F)\„ ""**> (£ | F)|„ 



As a second example, we show that the labeled transition system (43) allows some
interaction which originates from the logical nature of Sdq. In CCS spq we model that
$(a.b.E)|_a \mid (\overline{a}.F)|_a$ reduces to $(E \mid F)|_a$, observing b, unlike in Milner CCS:



a.b.E >- b.E a.F - 



b.E E 



(a.b.E) | a.F (b.E) | F b.E \ F E \ F a £ | F | 

Pe £ifl Pe 7 £> * « 

(a.b.E)\ a | (5.F)| — > (fo.F)| fl I F\ a (b.E)\ a \ F\ a (E \ F)\ a | 0| fl a (F | F)| fl 



(a.b.E)\ a | (a.F)| fl -^i (F | F)\ a 



(45) 
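
The Milner-style baseline against which the two cases of Example 6.2 (and judgment (2) of the Introduction) are measured, as an added example that is not code from the paper: it implements the textbook transition rules for prefix, parallel composition and restriction (the fragment the page calls CCS spr), not the rules (43) of CCS spq and not proof-search in BVQ. Assumptions: `~a` stands for the co-name of `a`, `tau` for the silent action, and `E`, `F` are opaque, inert processes.

```python
from collections import deque

TAU = "tau"  # silent action; the page writes it as epsilon


def co(label):
    """Complement of a label: a <-> ~a (the page's overlined co-name)."""
    return label[1:] if label.startswith("~") else "~" + label


# Process constructors (plain tuples, so processes are hashable).
def pre(label, p): return ("pre", label, p)   # l.P
def par(p, q):     return ("par", p, q)       # P | Q
def res(name, p):  return ("res", name, p)    # P restricted on name
def var(x):        return ("var", x)          # opaque process such as E or F


def steps(p):
    """Return the set of one-step transitions (label, successor) of p."""
    kind, out = p[0], set()
    if kind == "pre":
        # Prefix fires its own label.
        out.add((p[1], p[2]))
    elif kind == "par":
        left, right = p[1], p[2]
        ls, rs = steps(left), steps(right)
        # Either side moves alone ...
        out |= {(l, par(l2, right)) for l, l2 in ls}
        out |= {(m, par(left, r2)) for m, r2 in rs}
        # ... or both synchronise on complementary labels, silently.
        out |= {(TAU, par(l2, r2))
                for l, l2 in ls for m, r2 in rs
                if l != TAU and m == co(l)}
    elif kind == "res":
        name, body = p[1], p[2]
        # Restriction blocks the restricted name and its co-name only.
        out |= {(l, res(name, b2)) for l, b2 in steps(body)
                if l not in (name, co(name))}
    return out  # "var" (and anything else) is inert


def reaches(start, trace, target):
    """True if start evolves into target while showing exactly `trace`,
    with any number of silent steps interleaved."""
    trace = tuple(trace)
    seen = {(start, 0)}
    todo = deque(seen)
    while todo:
        p, i = todo.popleft()
        if p == target and i == len(trace):
            return True
        for label, q in steps(p):
            if label == TAU:
                nxt = (q, i)
            elif i < len(trace) and label == trace[i]:
                nxt = (q, i + 1)
            else:
                continue
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return False


E, F = var("E"), var("F")
TARGET = res("a", par(E, F))                        # (E | F) restricted on a
# First case of Example 6.2: one restriction around both components.
FIRST = res("a", par(pre("a", pre("b", E)), pre("~a", F)))
# Second case: each component carries its own restriction on a.
SECOND = par(res("a", pre("a", pre("b", E))), res("a", pre("~a", F)))

if __name__ == "__main__":
    print(reaches(FIRST, ["b"], TARGET))
    print(steps(SECOND))
    print(reaches(SECOND, ["b"], TARGET))
```

Under these rules the first process reaches the target observing only b, while the second has no transition at all; the communication across the two restrictions is what the rules $p_i$ and $p_e$ of (43) add.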



Simple processes. They are the last notion we introduce in this section. They are useful
for technical reasons which Section 8 will make apparent. A process E is a simple process
whenever it satisfies two constraints. First, E must belong to the language of (46):



F ::= | 1.0 | F | F | E\ a (46) 
Second, if $l_1, \ldots, l_n$ are all, and only, the action prefixes that occur in E, then $i \neq j$ implies
$l_i \neq l_j$, for every $i, j \in \{1, \ldots, n\}$.

Example 6.3 (Simple processes) Some are in the following table. 

(a.0) | (b.O) 
{a.0) I (((a.0) I (c.0))| rf I (b.Q))\b I (a.0) 
(((a.0) I (c.0))\ c I (b.0))\b I (a.0) 



Both the second, and the third process are simple because they belong to (46), and a, b, c is
the list of their pairwise distinct action prefixes.

Remark 6.4 (Aim, and nature of simple processes) In coming Section 7 we shall intuitively
show that simple processes play the role of results of computations when we use derivations
of BVQ to compute what the labeled transition system in (43) can, in fact, compute by itself.

7 How computing in CCS spq by means of BVQ 

Given BVQ, and CCS spq we illustrate how transforming questions about the existence of
computations of CCS spq into questions about proof-search inside the standard fragment BVQl
of BVQ. Let E, and F, be two processes of CCS spq , with F simple. Let us assume we want to

check E — '> F . Next we highlight the main steps to answer such a question by answering 
a question about proof-search inside BVQ, without resuming to computations in the labeled 
transition system of CCS spq . 

To that purpose, this section has two parts. The first one formalizes the notions that make
the link between processes of CCS spq , and structures of BVQ precise. The second part,
i.e. Subsection 7.2, delineates the steps to transform one question into the other, eventually
justifying also the need to prove the Soundness of BVQl — not BVQ — w.r.t. CCS spq , in
Section 8.

7.1 Connecting CCS spq , and BVQ 

Process structures. They belong to the language of the grammar (47) here below, and,
clearly, they are Tensor-free:

$$R ::= \circ \mid \langle l \triangleleft R \rangle \mid [R \parr R] \mid \lceil R \rfloor_a \tag{47}$$

Like at page 4 we range over variable names of process structures by $l$, $m$, and $n$.

Fact 7.1 (Processes correspond to process structures) Processes, and process structures isomorphically
correspond thanks to the following isomorphism, so extending the correspondence
in [1] among CCS terms, and BV structures.



(|0D I * o 


<\e.E\)^(o<<\E\j) 








lb D •-»<(! ID -II£D> 




d a D !-» a 


(48) 




<\E\F\ ) ^{<\E\ ) >s(\F\ j ] 


(1 a D •-> a 


d E\ a D H-> rtf£H, 
Environment structures. Let us recall Example 5.2. It shows that representing an
external communication as a derivation of BVQ requires assigning a specific meaning to the
structures in the conclusion of the derivation. One structure represents a process. The other
one encodes the labels that model the sequence of messages between the process, and an
environment. So, we need to identify the environment structures, namely the set of structures
that can fairly represent the sequence of messages. By definition, we say that every environment
structure is a canonical structure that the following grammar (49) generates:

$$R ::= \circ \mid l \mid \langle l \triangleleft R \rangle \mid \lfloor \langle l \triangleleft R \rangle \rfloor_a \qquad (49)$$

If different from $\circ$, we have to think of every environment structure as a list, possibly in the
scope of some instance of Sdq, that we can consume from its leftmost component, onward.

Example 7.2 (Environment structures) Leta,a\,ai,b\,b2 & °. 





a example 


(50) 


(ai < r<«i 


- \{bi*bx)\ hl )\Q example 


(51) 




* \(bi •* b\ >Ji,j )Jt 4 > counterexample 


(52) 




•> \{b% ■> b\ )Jfc, >Ji,, ) counterexample 


(53) 



d52T > is not an environment structure because bt\ does not occur in the structure. (1531 is not an 
environment structure because o occurs in it. 



Fact 7.3 (Environment structures map to sequences of actions) The map (54) takes both an
environment structure, and a set of atoms as arguments. The map transforms a given
environment structure to a sequence of actions that may work as a label of transitions in (43).











l\Jx h> e (leX) 












(54) 


lljx (ItX) 









Given an environment structure, the map yields the corresponding sequence, if its second
argument is $\emptyset$.

Example 7.4 (From an environment structure to actions) Both $b_1$, and $b_2$ are internal
actions of $[\![\langle a_1 \triangleleft \lfloor \langle \bar{a}_1 \triangleleft \lfloor \langle b_2 \triangleleft b_1 \rangle \rfloor_{b_1} \rangle \rfloor_{b_2} \rangle]\!]_\emptyset = a_1; \bar{a}_1; \epsilon; \epsilon$ in (51). Intuitively, if a variable
name $l$ that occurs in a structure E belongs to X in $[\![E]\!]_X$, then $l$ gets mapped to $\epsilon$. The reason
why $l$ is in X is that $l$ is not a free name of E.

Trivial derivations. By definition, a derivation $\mathcal{D}$ of BVQ is trivial if (i) $\mathcal{D}$ only operates
on Tensor-free structures, and (ii) $\mathcal{D}$ does not contain any occurrence of $\mathsf{ai}{\downarrow}$. All the others
are non-trivial derivations.

Example 7.5 (A trivial derivation) It is in (55) here below.
r<[agfl]«([fe'gft]«[*-gr-go]))],,

rn 'r([flSfl]«K*«[*»r])?(*« °>]>J a 
r<[fl-gfl-go] < [<fc < [/?-gr])'gfc])j a 

{[([a>9a\«(b<lR>gT]))>8b]} a 
uj. = — (55) 

[r<[ fl -gfl]«<[fr'g°]«[*'gr]))]., | gfr] 

ql U[(a*b<R)v(a<T)]] a >sb] 



Being trivial does not mean without rules. "Trivial" identifies a derivation where no
communication, represented by instances of $\mathsf{ai}{\downarrow}$, occurs.

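Fact 7.6 (Trivial derivations on process structures are quite simple) Let R, and T be process
structures, and $\mathcal{D} : T \vdash_{\mathsf{B}} R$ be trivial. Then $\mathsf{B} = \{\mathsf{q}{\downarrow}, \mathsf{u}{\downarrow}\}$, and all the instances of $\mathsf{q}{\downarrow}$ in
$\mathcal{D}$ have form

$$\mathsf{q}{\downarrow}\,\frac{\langle l \triangleleft [R' \parr R''] \rangle}{[\langle l \triangleleft R' \rangle \parr R'']} \qquad\text{or}\qquad \mathsf{q}{\downarrow}\,\frac{\langle R' \triangleleft R'' \rangle}{[R' \parr R'']}$$

for some $R'$, $R''$, and $l \not\approx \circ$.

Proof By definition, no $\mathsf{ai}{\downarrow}$ can exist in $\mathcal{D}$. Let us assume an instance

$$\mathsf{s}\,\frac{([R \parr U] \otimes T)}{[(R \otimes T) \parr U]}$$

exists in $\mathcal{D}$. Since $\mathcal{D}$ is Tensor-free, it must be $T \approx \circ$ and we can eliminate such an $\mathsf{s}$. Let us
assume one instance of $\mathsf{q}{\downarrow}$ exists in $\mathcal{D}$. In general it would be

$$\mathsf{q}{\downarrow}\,\frac{\langle [l \parr m] \triangleleft [R' \parr R''] \rangle}{[\langle l \triangleleft R' \rangle \parr \langle m \triangleleft R'' \rangle]} \quad (*)$$

for some $l$, $m$, $R'$, and $R''$. So, let us assume such a (*) occurs in $\mathcal{D}$ with $l, m \not\approx \circ$. In absence
of $\mathsf{ai}{\downarrow}$, even though we might have $l \approx \bar{m}$, the structure $[l \parr m]$ could not disappear from $\mathcal{D}$,
namely from T. Consequently, T could not be a process structure, against assumption.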



Simple structures. This notion strengthens the idea that "trivial" stands for "no
interactions". A structure R is a simple structure if it satisfies two constraints. First, it must
belong to the language of (56).

$$R ::= \circ \mid l \mid [R \parr R] \mid \lfloor R \rfloor_a \qquad (56)$$



Second, if Ij, . . . , I„ are all, and only, the variable names that occur in R, then i + j implies 
h + lj, for every i, j e { 1 , . . . , n\. 

Fact 7.7 (Basic properties of simple structures)

• Trivially, by definition, simple structures are co-invertible, because each of them is the
negation of an invertible structure (Proposition 4.2).

• Simple structures are the logical counterpart of simple processes, thanks to the
isomorphism (48).

Example 7.8 (Simple structures) The following table shows some instances of simple
structures which correspond to the simple processes in Example 6.3.
Simple structures

$[a \parr b]$
$[a \parr \lfloor[\lfloor[a \parr c]\rfloor_d \parr b]\rfloor_b \parr a]$
$[\lfloor[\lfloor[a \parr c]\rfloor_c \parr b]\rfloor_b \parr a]$

Both the second, and the third structures are simple because they belong to (56), and a, b, c is the
list of their pairwise distinct variable names. All the structures are co-invertible because they are
the negation of $(\bar{a} \otimes \bar{b})$, and $(\bar{a} \otimes \lfloor(\lfloor(\bar{a} \otimes \bar{c})\rfloor_d \otimes \bar{b})\rfloor_b \otimes \bar{a})$, and $(\lfloor(\lfloor(\bar{a} \otimes \bar{c})\rfloor_c \otimes \bar{b})\rfloor_b \otimes \bar{a})$, respectively,
which all are invertible. ■



The following fact formalizes that trivial derivations operating on simple structures only,
represent computations where only instances of $\mathsf{u}{\downarrow}$ occur. In Section 8 this will allow us to see
that a trivial derivation on simple structures stands for a process that cannot communicate,
either internally or externally.

Fact 7.9 (Trivial derivations on simple structures contain almost no rules) For any simple
T, if $\mathcal{D} : T \vdash_{\mathsf{B}} R$ is trivial, then $\mathsf{B} = \{\mathsf{u}{\downarrow}\}$, and R is simple as well.

Proof Fact 7.6 implies that the derivation $\mathcal{D}$ only contains instances of $\mathsf{u}{\downarrow}$, and of very
specific instances of $\mathsf{q}{\downarrow}$. Both kinds of rules neither erase, nor introduce atoms, or new
occurrences of Seq in between R, and T. Let us assume that $\mathcal{D}$ effectively contains an
instance of $\mathsf{q}{\downarrow}$ with reduct $\langle l \triangleleft R' \rangle$, for some $l$, and $R'$. Then, the occurrence of Seq would
occur in T, as well, making it not simple, against our assumption. So, no occurrence of
$\mathsf{q}{\downarrow}$ exists in $\mathcal{D}$. This, of course, does not prevent the existence of $\langle l \triangleleft R' \rangle$ along $\mathcal{D}$, and, in
particular, inside R. However, $\mathsf{u}{\downarrow}$ could not eliminate it, and an occurrence of Seq would be
inside T. In that case T could not be simple, against assumption. But if no occurrence of
$\langle l \triangleleft R' \rangle$ is inside $\mathcal{D}$, then our assumptions imply that R is a simple structure. ■



7.2 Recasting labeled transitions to proof-search 

Having connected BVQ, and CCS_spq as in the previous subsection, we get back to our initial
reachability problem. Let us assume we want to check $E \xrightarrow{l_1;\cdots;l_n} F$ in CCS_spq, where F is a
simple process. The following steps recast the problem of CCS_spq into a problem of searching
inside BVQ:

1. First we "compile" both E, and F into process structures $(\!|E|\!)$, and $(\!|F|\!)$, where $(\!|F|\!)$ is
forcefully simple. Then, we fix an R such that $[\![R]\!]_\emptyset = l_1; \cdots; l_n$.



2. Second, it is sufficient to look for £P : h [<\ E \j >8 (\ F \j v R] inside BVQ as the up- 
fragment of SBVQ is admissible for BVQ (Corollary IQ1I6 1.) . 



3. Finally, if $\mathcal{P}$ of point 2 here above exists, we can conclude $E \xrightarrow{l_1;\cdots;l_n} F$ in CCS_spq.
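The first step above, as an added Python example that is not part of the paper: it encodes map (48), membership in grammars (47) and (56), and the label sequence of an environment structure, and runs them on constructed processes shaped like the instance of Section 8.1 and on the structure of Example 7.4. The class names, the "~a" spelling of co-names and the clauses used for the label map (a name in the scope of an Sdq on it becomes ε, the unit yields the empty sequence) are assumptions of this example; the second constraint on simple structures is not checked.

```python
from dataclasses import dataclass

EPS = "ε"  # label of an action hidden by an enclosing Sdq

# Processes of CCS_spq (encoding constructed here; "~a" spells the co-name of "a").
@dataclass(frozen=True)
class Nil:                      # 0
    pass
@dataclass(frozen=True)
class Prefix:                   # l.E
    name: str
    cont: object
@dataclass(frozen=True)
class ParP:                     # E | F
    left: object
    right: object
@dataclass(frozen=True)
class Restrict:                 # E|_a
    body: object
    name: str

# Structures of BVQ; Tensor is left out because neither grammar uses it.
@dataclass(frozen=True)
class Unit:
    pass
@dataclass(frozen=True)
class Atom:
    name: str
@dataclass(frozen=True)
class Seq:
    left: object
    right: object
@dataclass(frozen=True)
class Par:
    left: object
    right: object
@dataclass(frozen=True)
class Sdq:
    body: object
    name: str

def seq(left, right):
    """Seq modulo the unit laws, so that a prefix followed by the unit is just the atom."""
    if isinstance(left, Unit):
        return right
    return left if isinstance(right, Unit) else Seq(left, right)

def to_structure(p):
    """Map (48): 0 -> unit, l.E -> Seq, E | F -> Par, E|_a -> Sdq."""
    if isinstance(p, Nil):
        return Unit()
    if isinstance(p, Prefix):
        return seq(Atom(p.name), to_structure(p.cont))
    if isinstance(p, ParP):
        return Par(to_structure(p.left), to_structure(p.right))
    if isinstance(p, Restrict):
        return Sdq(to_structure(p.body), p.name)
    raise TypeError(f"not a process: {p!r}")

def in_grammar(r, allow_seq):
    """Shared walk for grammars (47) and (56); a Seq must have an atom on its left."""
    if isinstance(r, (Unit, Atom)):
        return True
    if isinstance(r, Seq):
        return allow_seq and isinstance(r.left, Atom) and in_grammar(r.right, allow_seq)
    if isinstance(r, Par):
        return in_grammar(r.left, allow_seq) and in_grammar(r.right, allow_seq)
    return isinstance(r, Sdq) and in_grammar(r.body, allow_seq)

def is_process_structure(r):    # grammar (47)
    return in_grammar(r, True)

def in_grammar_56(r):           # first constraint on simple structures: Seq-free
    return in_grammar(r, False)

def actions(r, hidden=frozenset()):
    """Label sequence of an environment structure (assumed clauses, see lead-in)."""
    if isinstance(r, Unit):
        return []
    if isinstance(r, Atom):
        return [EPS if r.name in hidden else r.name]
    if isinstance(r, Seq):
        return actions(r.left, hidden) + actions(r.right, hidden)
    if isinstance(r, Sdq):
        bare = r.name.lstrip("~")
        return actions(r.body, hidden | {bare, "~" + bare})
    raise ValueError("Par does not occur in an environment structure")

# Constructed processes in the shape of Section 8.1, taking E' = c.0 and F' = d.0.
E = Restrict(ParP(Prefix("a", Prefix("b", Prefix("c", Nil()))),
                  Prefix("~a", Prefix("d", Nil()))), "a")
F = Restrict(ParP(Prefix("c", Nil()), Prefix("d", Nil())), "a")
# The environment structure of Example 7.4.
R_74 = Seq(Atom("a1"), Sdq(Seq(Atom("~a1"),
           Sdq(Seq(Atom("b2"), Atom("b1")), "b1")), "b2"))
```

Here `to_structure(E)` is a process structure that still contains Seq, while `to_structure(F)` is Seq-free, and `actions(R_74)` yields the sequence stated in Example 7.4.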



Point 3 rests on some simple observations. The structure $(\!|F|\!)$ is invertible thanks to Fact 7.7.
So, there exists $\mathcal{D} : (\!|F|\!) \vdash_{\mathsf{BVQ}} [(\!|E|\!) \parr R]$ where both $(\!|E|\!)$, and $(\!|F|\!)$ are Tensor-free because
they are process structures. The same holds for R which is an environment structure.
Consequently, every instance of $\mathsf{s}$ in $\mathcal{D}$, if any, can only be

$$\mathsf{s}\,\frac{([R \parr U] \otimes \circ)}{[(R \otimes \circ) \parr U]}$$

and it can be erased. This means that $\mathcal{D}$ only contains rules that belong to $\{\mathsf{ai}{\downarrow}, \mathsf{q}{\downarrow}, \mathsf{u}{\downarrow}\}$.
Standardization (Theorem 3.6), which applies to {atJ,L, $\mathsf{ai}{\downarrow}$, $\mathsf{q}{\downarrow}$, $\mathsf{u}{\downarrow}$}, implies we can transform
$\mathcal{D}$ in BVQ to a standard derivation $\mathcal{E}$ of BVQl. The only missing step is in the coming section.
It shows that proof-search in BVQl is sound w.r.t. the computations of the labeled transition
system defined for CCS_spq.

8 Soundness of BVQl w.r.t. CCS spq 

The goal is proving Soundness whose formal statement is in Theorem 8.9 below. We remark
that our statement generalizes the one in [1], and our proof pinpoints many of the details
missing in [1].

Soundness relies on the notions "reduction of a non-trivial derivation", and "environment
structures that are consumed", and needs some technical lemmas.

Reduction of non-trivial, and standard derivations of BVQl. Let R, and T be process 

T 

®" || BVQl 

S[o] L 

structures. Let £? be a non-trivial, and standard derivation atu — (*), where (*) is the 

Sid's af 

9' || BVQl 

R 

lowermost occurrence of atXi- in $\mathcal{D}$. The reduction of $\mathcal{D}$ is the derivation $\mathcal{E}$ of rules of BVQl
that we get from $\mathcal{D}$ by (i) replacing $\circ$ for all occurrences of $a$, and $\bar{a}$ in $\mathcal{D}'$ that, eventually,
form the redex of (*), and by (ii) eliminating all the fake instances of rules that the previous
step may have created.

Fact 8.1 (Reduction preserves process structures) Let R, and T be process structures. For
every non-trivial, and standard derivation $\mathcal{D} : T \vdash_{\mathsf{BVQl}} R$, its reduction $\mathcal{E} : T \vdash_{\mathsf{BVQl}} R'$ is
such that both $R'$, and T are process structures. Moreover, $\mathcal{E}$ may not be non-trivial, namely,
no atXL may remain in $\mathcal{E}$. However, if $\mathcal{E}$ is non-trivial, then it is standard.

Proof The first statement follows from the definition of process structures. If we erase any
sub-structure from a given process structure, we still get a process structure which, at least,
is $\circ$. Moreover, the lowermost instance of atXL disappears, after a reduction. So, if it was the
only one, none remains. Finally, reduction does not alter the order of rules in $\mathcal{D}$.

Fact 8.2 (Preserving right-contexts) Let @ be a trivial derivation @ : S'{a) u ^ S{a}, for 
some S { }, 5"{ }, and a. 

1 . If S[a} is not a right-context, then S '{a} cannot be a right-context as well. 

2. If S'{a} is a right-context, then S{a] is a right-context as well. 

Proof 1 . If S{a] is not a right-context, then it has form S{a] » S o (R - S \ {a}), with R # o, 
for some Sq{ }, and S\{ }. Seq is non commutative. So, going upward in there is 
no hope to transform So (R "Si{a}) into some S' (S'jja} 1 " <R') L where the occurrence 
of a in the first structure is the same occurrence as a in the second one. Moreover, 
[RVT] 

is not derivable in {qX, uXI c BVQ. So, So{R <S i{a}) cannot transform into 

(R " T) 

some S'q [R' 'S S ',{fl) L ] L , going upward in @. 



2. By contraposition of the previous point (Q}. 
Proposition 8.3 (Process structures, trivial derivations, and right-contexts) Let R be a pro-
cess structure, and @ be a trivial derivation @ : S [b >8 b\~ H (q ^ u ^ R, for some S { Y,b, and 

b. Then: 

1 . R # o, and both b, b occur in it. 

2. The structure R is a right-context for both b, and/?. Namely,/? « S ' {b}^ , and R « 5"'{b} L 
forsomeS'f j 1 -, andS") } L . 

3. /?#S'<0! <£'{&}>, and R#S"(a <8"{b}), for any S'{ }, andS"{ }. 

4. /? * [5'{fe} L 'S>r£"W L Jft'S'n, withb 6 fn(S» L ), and/? * [[5 '{fe} L J;, 5 "(b} L ~ 'S T], 
with £> E fn(5 "{£>} L ), for any 5'{ } L ,S"{ Y, and process structure T. 

5. Let a be a, possibly empty, sequence of names. Let T be a process structure, possibly 
suchthatr ~ o. Then/? * « S'>) L ^7]J^ such that either (i) b e fn(S'{Z?} L ), 
and € fn(5"{fc} L ), or (ii) b 6 bn(S'{£} L ), and e bn(S "{&}■-). 

6. Let S'{£>} L be the one in Point (0 here above. If F, and F are processes such that 

d E |) = 5 '{/?) L , and (| F [) = 5 '{o} L , then £ — U- F, where t is e, if b e bn(S '{fr} L ), and 
I is b, if b e fn(5"{£>} L ). The same holds by replacing S"{ } L for 5"{ J L , and b for b. 

7. Let S'{b} L , and S"{b\- be the ones in Point © here above. If F, F, F', and F' are 
processes such that <\E\) =S'(fc) L ,|F| = S"{£} L ,(jF'^ = 5"{o} L , andflF'^ = S"{o} L , 

then F | F — E' \ F' . 

Proof Concerning point ([TJ, since no rule of @ generates atoms both b, and b must already 
occur in R. 

Concerning point (O, we start from point (Q3, and we look at S [b 'S b\~ by first "hiding" 
b, which gives Soib} 1 - = S [b 'S b\~, for some Sq{ } l , and then "hiding" b yielding S \{bY = 
S[b^ bY, for some S\{ } L . Then, we apply point © of Fact[S2]to Sa{bf. It implies that 
R ~ S'{b) is a right-context, for some 5"{ }. Analogously, point (f2|i on Fact 18.21 to S i{b} L 
implies that R » S "{b} is a right-context, for some S "{ }. 

Point (01, directly follows from point (0. 

Point (0 holds because, for example, b cannot enter the scope of [S "\bY\b- 
Point 01 follows from 01. 

Point (0 holds by proceeding inductively on |F|, and by cases on the form of S'{ \~, or 
S"{ } L , respectively. (Details, relative to S '{ I 1 -, in AppendixICl) 

Point holds thanks to points 01, and 0), by proceeding inductively on |F | F|, and by 
cases on the form of S '{ Y, and S "{ } L . (Details in AppendixlDl) 

The coming theorem says that the absence of interactions, as in a trivial derivation,
models non interacting transitions inside the labeled transition system of CCS_spq. We include
proof details here, and not in an Appendix, because this proof supplies the simplest technical
account of what we shall do for proving soundness.

Theorem 8.4 (Trivial derivations model empty computations in labeled transition system)
Let E, and F be processes, with F simple. If $\mathcal{D} : (\!|F|\!) \vdash_{\mathsf{BVQ}} (\!|E|\!)$ is trivial — beware, not
necessarily in BVQl — then $E \xrightarrow{\epsilon} F$.
Proof Fact 7.9 implies that $(\!|E|\!)$ is simple, like $(\!|F|\!)$ is, and that $\mathcal{D}$ can only contain instances
of $\mathsf{u}{\downarrow}$, if any rule occurs. We proceed by induction on the number n of instances of $\mathsf{u}{\downarrow}$ in $\mathcal{D}$.

If n = 0, forcefully $(\!|E|\!) = (\!|F|\!)$. We conclude by rfl, i.e. $E \xrightarrow{\epsilon} E$. Otherwise, the last
rule of $\mathcal{D}$ is:

l>i S[HE'\)i a 'S^E"\)i a ] 

for some context S { }, and processes £", and F", such that <\ E |) * 5 [|~(| £" DJ fl >s> rd F" DJJ- 
We can proceed by cases on the form of S { }. 

• Let S { J w { }. So, £ must be E'\ a \ E"\ a , and we can write: 

rfl 

E | E" — ^3- £' | £"' s E' | E" | 

Pi 

E'l | F/'L, — ^ (E> | F")L, I 0U a (£' | £")| fl (£' I F")la — ^ F 

trn 

E'\ a \E"\ a —^F 

where (£" | E")\ a — ^> F holds by induction because <\ F \) h \[<\ E'\)>8<\ E" |)]J a is 
shorter than ^. 

• Let S{ } ~ [{ } V T]. So, E must be F/| a | E"\ a | F', with (]F' ) = T. The case is 
analogous to the previous one, with the proviso that an instance of ctx must precede 

the instance of pj. In particular, (£' | E")\ a \ F' — — F holds by induction because 
d F D h {u4) [rfd F'D >? (| E" |)]J fl -9 (|F' [)] is shorter than 9. 

The third case 5 { } « (I « { )) that we could obtain by assuming E = \.E' cannot occur 
because E would not be simple, against assumptions. 

Remark 8.5 (Why do we define simple structures as such?) Theorem 8.4 would not hold if
we used "process structures" in place of "simple structures". Let us pretend, for a moment,
that F be any process structure, and not only a simple one, indeed. The bottommost rule in
$\mathcal{D}$ might well be:

<QiHflg'D-g(ig"D]) 

for some F', and E" , such that E — E' | (I.F"). By induction, I.(F' | E") — — >■ F. However, 

in the labeled transition system (l43l of CCS sp q we cannot deduce E' | (I.F") — e —^~ L(E' \ E") 
whenever I occurs free in E' . So, as we did in the definition of simple processes, we must 
eliminate any occurrence of Seq structure. 

Theorem 8.6 (Soundness w.r.t. internal communication) Let F, and F be processes, with 

®" ||bvQl 

F simple, and E # o. Let 9 be the derivation atj.L — (*) which, besides being standard, 

S[b v bf 

®'||bvQl 

m 

we assume to be non-trivial, and such that (*) is its lowermost instance of atL.. If, for some 
process G, the derivation $ : \F\ ^bvQl d G D is me reduction of 9, then E — ^->- G . 

Proof The derivation '3' satisfies the assumptions of Point (|2]) in Proposition 18.31 which 
implies fl#D » S'{b}\ and <\E\j * S"(b}\ for some 5"{fc} L , and S"(b} u , which must be 
process structures. We proceed on the possible distinct forms that <\ E \j can assume. Point (|7]) 
of Proposition 18.31 will help concluding. (Details in Appendix[E]) 
Environment structures that get consumed. Let T, and U be process structures, and R
be an environment structure. Let $\mathcal{D} : U \vdash_{\mathsf{BVQl}} [T \parr R]$ which, since it belongs to BVQl, is
standard. We say that $\mathcal{D}$ consumes R if every atom of R eventually annihilates with an atom
of T thanks to an instance of atJ.L, so that none of them occurs in U.

Example 8.7 (Consuming environment structures) Derivations that consume the
environment structure $\langle a \triangleleft b \rangle$ that occurs in their conclusion are (23) and (24). If we consider only a
part of (23), as here below, we get a standard derivation that does not consume $\langle a \triangleleft b \rangle$:















[T* 




'*] 




atii. 










[{[a 


'go]- 


[T i? b\) 


s{b<U)] 


(57) 


qi 










[{a 




?(b<U)>i 


?<a«b)] 





Theorem 8.8 (Soundness w.r.t. external communication) Let E, and F be processes, and R 
be an environment structure. Let F be simple, and E % o. Let ^ be a non-trivial, and standard 
derivation that assumes one of the two following forms: 



Si" || BVQl 

or atii. — (*) 

S [b >9 bf 
®'||bvQl 
[\E)v\(jb <R)\ b ] 

such that (*) is its lowermost instance of atlL, and b in S [b 'S b] is the same occurrence of b 
as the one in (b <R). If S : (\F\) i- BVQl [fl G D vR] is the reduction of 9, then E — G if 

e bn(£). Otherwise, if 6 fn(£), then £ — b -> G . 

Proof First, 3 necessarily consumes (b<R), or \(b<R)]b in either cases. The reason is 
twofold. Being (| F D a simple structure implies it cannot contain any Seq structure which, in- 
stead, is one of the operators that can compose (b < R), or \{b < R)\b- Moreover, no occurrence 
of b inside R can annihilate with the first occurrence of b inside (b < R), or \{b - R)ii,. 

Second, 3' satisfies the assumptions of Proposition 18.31 So, its Point (O applies to 
[fl£D (b*R)], and [fl^D >? \{b<R)ibl Since b occurs in (b<R), for some S'{ } L , it must 
be (| E D tss S'ib} 1 - in which the occurrence of b we outline is the one that annihilates the given 
b. We proceed on the possible forms that (j E D can assume, in relation with the form of R. 
Point (O of Proposition |8.3| will help concluding. (Details in Appendix|F]) 

Theorem 8.9 (Soundness) Let E, and F be processes with F simple. For every standard 

derivation 3, and every environment structure R, if @||bvQl, and £F consumes R, then 

[<\E\)>8R] 



Proof As a basic case we assume $(\!|E|\!) \approx \circ$. This means that E is 0. Moreover, since $\mathcal{D}$
consumes R, and no atom exists in $(\!|E|\!)$ to annihilate atoms of R, we must have $(\!|F|\!) \approx \circ$, i.e.
F = 0, and $R \approx \circ$. Since $0 \xrightarrow{\epsilon} 0$, thanks to rfl, we are done.

Instead, if $(\!|E|\!) \not\approx \circ$, in analogy with [1], we proceed by induction on the number of rules
in $\mathcal{D}$, in relation with the two cases where $R \approx \circ$, or $R \not\approx \circ$.

Since $\mathcal{D}$ is non-trivial, and standard, we can focus on its lowermost occurrence (*) of
atJ,L. Let us assume the redex of (*) be $[b \parr \bar{b}]$. We can have the following cases.



atiL 



Sf" I BVQl 



— (*) 
@' || BVQl 

MED 






Let R m o, and S : <\F\) h BVQ <\ G } be the reduction of 9. 

1 . The first case is with S non-trivial. The inductive hypothesis holds on S, and we 

. „ «=[«]« „ 
get G 5- F . 

2. The second case is with S trivial, so we cannot apply the inductive hypothesis on 
S. However, Theorem l8.4l holds on <§ , and we get G — — F. 



Finally, both 9, and § satisfy the assumptions of Theorem l8.6l so it implies E >• G, 

and the statement we are proving holds thanks to trn. 

Let o # R ss \{b< T)\b, for some environment structure T. Let § \ \F\ h BVQ 
[d G D 'S f(o •« T)Ji] be the reduction of 9. Since f(o •> T)J/, is an environment struc- 
ture, it is canonical, so, necessarily f(o < T)\b ~ [Tib ~ T because b £ fn(T). Hence, 
$ : (| F D h BVQ [(| G D *8 T]. Moreover, since b disappears along 2>, we forcefully have 
bebn(iE\)). 

1 . Let £ be non-trivial. The inductive hypothesis holds on S, implying G - ^> F . 



Moreover, 9 satisfies the assumptions of Theorem l8 . 8 1 which implies E >■ G 

also because, as we said, b e bn((| E D). So, the statement holds because \T J (fc ^ m 

= m m ;lTJ {b ^ = [r<6«.r>J i l Bf andbytrn we get £ fr< ^ >J " le > F . 
2. The second case is with S trivial, so we cannot apply the inductive hypothesis 

on § . However, Theorem l8.4l holds on S, and we get G — — F , which implies 
T ~ o. Indeed, if T & °, then 9' could not consume T. The reason is that being S 
a trivial derivation, it cannot contain any instance of ai|. But a 9' not consuming 
T, would mean 9 not consuming R, against assumption. Finally, Theorem 18.81 

holds on 9, and implies E — G, because, as we said, b e bn((| E D). So, the 
statement holds because [o J [b ^ « e; [o \ {b ^ = lbj {bb] ; [o J {bb] = « o)J 6 ] , 

and by trn we get £ >■ F . 

We could proceed in the same way when o # /? w f (b < T)\i,. 

Let o * F * (fo < T). Then, both <T : fl F|) h BVQ [(| G D >s> 7*], and b e fn(fl £ [)) for the 
reasons analogous to the ones given in the previous case. 

1. The first case is with $ non-trivial. The inductive hypothesis holds on S, and 

we get G 11 ^» F . Moreover, Theorem l8.8l holds on 9, and implies E — — G , 
because, as we said, b e fn(fl £ D). So, the statement holds because [£> J@; QT Jg = 

|[<fc - T) ] , and by trn we get £ — l<b ' T)h ; F . 

2. The second case is with S trivial, so we cannot apply the inductive hypothesis on 

§. However, Theorem l8.4l holds on §, and we get G — F, which implies F « 
o for reasons analogous to the ones given in the previous case. Moreover, Theo- 

rem 18. 8 1 holds on 9, and implies £ — — »- G, because, as we said, b 6 fn((j £ D). 

So, the statement holds because lbjq> a [fr Jo; e = [fr I0; [° Jo = [(b « °) Jo, and 

, , t „ [<*«)]« „ 
by trn we get £ a- F. 

We could proceed in the same way when o # R k {b <T). 
8.1 An instance of the proof of Soundness

The derivation (58) is standard.



atlu,ri7l _ 

\{[b'Sb].[<\E'\)i!<\F'b])l° 
aUL,[T7],r]8l 2 _ (*) 

r<[fl-g5]^[fc-gfc]^[(|£ , D | g(|F'D-8o]»j < , 

_ T<[« V S\ < [(b < [fl £' D * (| F' |)]> V < o>]>j fl 

r<[a -ga o] ^ [<fc ' [d ■& dF'D]> 

* r[<[a * 5] « <fc - [d E' D -s d F' D]>> i? <° 

rm _ (58) 

_ J 4 [r<[fl * a] < (b < [<\E' D * F' D]»J„ i? r*J„] 



* a] « (lb v o] < [d E' D * d F' D]»J a * 6] 
pi — 

nxjg -g g - [<& ij £j> ■» <° ij p t»]>j n * 

[r<[a -g fl] ^ [<fc ^ (I }> -g (I f ' D]>J fl -g fc] 
^ U[(«<b«(\E'\,)>s(a-.(\F'\,m a '3b] 



Hence, (58) is an instance of the assumption $\mathcal{D} : (\!|F|\!) \vdash_{\mathsf{BVQl}} [(\!|E|\!) \parr R]$ in Theorem 8.9
above. The structure $\lfloor[\langle a \triangleleft b \triangleleft (\!|E'|\!) \rangle \parr \langle \bar{a} \triangleleft (\!|F'|\!) \rangle]\rfloor_a$ in (58) plays the role of $(\!|E|\!)$, while b
corresponds to R. Finally $\lfloor[(\!|E'|\!) \parr (\!|F'|\!)]\rfloor_a$ plays the role of $(\!|F|\!)$, for some process $E'$,
and $F'$. By definition, $E = ((a.b.E') \mid (\bar{a}.F'))|_a$ and $F = (E' \mid F')|_a$. Once identified
the lowermost instance (*) of atJ.L, we replace $\circ$ for all those occurrences of atoms that,
eventually, annihilate in (*). So, (58) becomes the structure (59) which is not a derivation
because it contains fake instances of rules.



rfflF'D'sflF'DLL, 





sflF'DDj. 


K[oSo]«([i*fe]-[(£' 


NdF'D>So]»j 8 


r([o-ffo]<[<fc<[(|£'D*(i 


^H>W<*-o>]>J- 


[([o S o*o]<[{6,p' 


)*(|F'P]>'p5]>J a 


r[<[ovo] < <z,,[dF'D^d 


F'|)]» -9 <° «£>]J a 


r[([ovo].(z,<[d£'^ 


M^I)]»**]J. 


[r<[o*o]«.<i«[fl£'D's 


0F'i)]»j 8 *r*jj 


[[{[oSo]«([|,«o].[|£' 


D*0F'D]»j a 'p5] 


[r<[ovo]«[(Z7<dF'D>'g 


(°«<|F'|)>]>J fl *fc] 



U([o>so]<l(b<(\E'\i)v(\F'\)])] a 'zb] 
Ul(o<b<(\E"i,)>8{o<(\F'\))]] a , sb] 



(59) 



Removing all the fake rules, we get to $\mathcal{E}$ in (60):
aUL,Q7] =



18 r([fc^?fc]-[d£ / t>'gd^N o ])J fl 
"J r[<6 - en p "s- o [>]> - o>]j fl 

(HP — 



ql - 



r<° ' [<fc ' [q g' p -g q ^ &]> -g &]>j a 
„ " x [r<& - [fl £" d (i f &]>j n ^ r^j n ] 

[KE *°] «[([£' I) DM. 
[{[(b<<\E'\))>sHF'^\ a >gb] 



(60) 



The lowermost instance (*) of at|i_ in 08] ) has disappeared from (l60l i. The inductive argument 
on ( f60b implies ((b.E') \ F')\ a — ^->- (£' | F')\ a . Since we can prove: 



a.b.E' >- b.E' a.F' >- F' 

c (61) 

(a. b.E') | (a.F') | a (a.b.E') | (a.F) '—^ (b.E') | F' a (b.E') | F' | 

eS« 

((a.b.E') | (a.F'))l„ a ((<,.&.£') | (a.F'))\ a | 0|„ >■ ((&.£') | F% I 0|„ a ((£.£') | F% 



by transitivity, we conclude ((a.b.E') \ (a.F'))\ a — b —>- (£" | F')\ a . 

9 Final discussion, and future work 

This work shows that BVQ [4, 5, 6], which we can consider as a minimal extension of BV Q,
is expressive enough to model concurrent and communicating computations, as expressed by
the language CCS_spq, whose logic-based restriction can hide actions from the environment in
an unusually flexible way, as compared to the restriction of Milner CCS. The reason why, in
various points, we have kept relating CCS_spq with a fragment of Milner CCS is twofold.
First, we start from the programme of [1], that shows the connections between BV and the
smallest meaningful fragment of Milner CCS. Second, it is evident we can define BVCr
as follows. We take BVQ \ {$\mathsf{u}{\downarrow}$} and we forbid clauses (19), and (20) on its structures. So
defined, BVCr would be very close to the fragment of Milner CCS, which we have called
CCS_spr, and which only contains restriction, and both sequential, and parallel composition.
The reason is that BVCr could simulate the two standard rules for restriction:



-E' 



It [a, a] le{a,a) 

E\ a — { -^E'\ a E\ a ^^E'\ a 

but not the rules $p_i$, and $p_e$ in (43). However, in fact, Sdq looks much closer to the
hiding operator $(\nu a)E$ of π-calculus [7]. Clause (21) "is" $(\nu a)(\nu b)E \approx (\nu b)(\nu a)E$. Clause (19)
generalizes $(\nu a)0 \approx 0$. The instance:

m."i ^=^= (62) 

[\E\ a V F] 
weakly corresponds to scope extrusion $(\nu a)(E \mid F) \approx (\nu a)E \mid F$ which holds, in both
directions, whenever a is not free in F. We postpone the study of semantics and of the relation
between CCS_spq, and the corresponding fragment of π-calculus, to future work.

Further future work we see as interesting, is about the generalization of Soundness. We
believe that a version of Soundness with no restriction to simple processes holds. The reason
is twofold. First, thanks to the Splitting theorem of BVQ 13] [5] [6) it is possible to prove that 
every proof of BVQ can be transformed in a standard proof of BVQ. So, no need to restrict to 
Tensor-free derivations of BVQ exists to have standard proofs. Second, the reduction process 
looks working on standard proofs as well, and no obstacle seems to exist to the application of 
inductive arguments analogous to those ones we have used to prove our current Soundness. 

We conclude with a remark on the "missing" Completeness. Our readers may have no- 
ticed the lack of any reference to a Completeness of BVQ, w.r.t. CCS spq . Completeness 
would say that BVQ has enough derivations to represent any computation in the labeled tran- 
sition system of CCS spq . Formally, it would amount to: 

Theorem 9.1 (Completeness of BVQ) For every process structure E, and F, if (\E\j ^ 4> (| F [) , 
then 9 : F h BVQ [E v R]. 

Ideally, we leave the proof of Theorem 9.1 as an exercise. The system BVQ is so flexible
that proving it complete amounts to showing that every rule of CCS_spq is derivable in BVQ.
A Proof of commuting conversions in {atti_, aij,, q|, uJJ
(Lemma 13781 page 111) 

The proof is, first, by cases on p, and, then, by cases on S [a 'S a\~. Fixed S [a "8 a] L , the proof 
is by cases on R which must contain a redex of ai|, q|, or uj,, that, after ai|*, leads to the 
chosen S [a 'S a\~. 

We start with p = ai|. 

• Let S [a 'S a] L « [a"Sa\. So, [a V \(a« [b *s b])\b], and [a >S (a < [b >8 b]}] are the most 
relevant forms of R. Others can be [a 'S (a < \[b *8 b\\b)\, and [[a a] 'S \[b 'S b]\b], and 
([a V a] < [b 'S b]), and {[a >? a] < \[b *3 b]\b). 

We fully develop only the first case with R « [a >$ [(a < [b >9 b])\b\- In it the derivation 

o 

ai|,GU = 



\[b^b]\ b 

at|L atli. 



[flsa] transforms to \([a >8 a] < [b >s b])\i,. 

ail,(nJ,(T9) _ {TD,q|,{T8} _ 

[a V \{a < [b v b])\ b ] \[a s (a < [b s b])]\ b 

[a^\{a<[b*8b])\b\ 

If, instead, S [a *s a] 1- » [a 'S (a < [b *8 b])], then no instances of ul are required, but only 
one of q|. 

LetS{ }*[S'{ f^U'l [R'vU"} 

at|i_ 



- If « [X'[a«S] L v S"[bv b]], with U' *S"[b Kb], then [5'[a'S^] L -s U"] 

ai| — 



ail ^ = [5'[fl>S>^] L >8>S"[£>5?£]] 

transforms to [R' *a S"[b'sbW , for some R', and t/". === 

atlL _ _ 

[S'[a^af'sS"[b'8b]] [R' v U'] 

atlL 



- If R * [S'[a >s? a] L -? t/'] = [S"[b <sb]>8 U'], then [5 , "[a'gfl] L -g £/'] , for 

[S"|>>S?F| >S? U'] 

some S"'{ j L , which is S "[b 'S b] with [b v b] replaced by o, and/?', transforms to 

[R' >§> [/'] 
ail _ = 

^""[b'Sb] v U'] for some S""{ } which is S'[a>sa], with [a*sa\ replaced 
al|L. ===== 
[S'la'S^ >s U'] 

by o. 

Let S{ } aa [S'{ } L J f where c may also coincide to a, or £>. This case is analogous to 
the last point of the previous case, because S'[a >8 ~a\- = S"[b >8 b], for some S"{ }. 

LetS{ }*(S'{ f<U'). (R'.U") 

atlL 



- IfR « (S'[a>8a\^< S"[bvb]), with U' *S"[b>sb}, then (^'[a^] L <t/") 

ail = 1^2= 31 <S '[a >s>a] L «S 

transforms to < S"[b "3 b]) , for some R', and t/". 

atlL _ 

{S'[a>8a]- <S"[bvb]) (R> <U') 

at|L 



- If * <S'[ai?a] L <f/'> = (S"[i >S>fc]<E/'>, then <5'"[a >B < U'), for some 

ail _ = 

(S"[b'9b]<U') 

S"'{ } L , which is S"[b*sb], with [b >s b] replaced by o, and R', transforms to 
(R' < U')

aij. : 



(S""[b <9 b] < U') for some S""{ ) which is S'[a>8a\, with [a >S a] replaced 

(S'\a>sa\-<U') 
by o. 

Now we focus on the case with p = q|. 

• LetS{ } L ~S'[(U'<S"{ }>*<£/" «■£/'">]. Then/? « S'[<I/' <S"[a >s a\) v <C7" < £/'">], 
and 

5'([f/' C/"] < !/'"]> S'<[£/' v £/"] « [5"{o} ■» £/"']> 

qi 5'[(t/'<5"{°})'S > <f/"-f/'">] transforms to ^ S'([U' D U"] < [S"[a >sa]>s U'"]). 
aii S'[(U' <S"[aVa])v(U" <U"')] ^ S'[(U' < S"[a V a]) i <!/" < £/'">] 

• Let 5{ J 1- ~ ^'[(^"j } < £/') 'S (i7" < U'")]. This case is analogous to the previous one. 
Finally, let p = uj. Then u| involves the redex of ail whenever S { isS'|JS"{ }\ a 'S \U'] n ]^. 

S'\[S"{o}>8U']l a 

So, R * S'[\S"[a valla* \U'\ a ], and " 5'[r5"{o}J fl V Tf/'JJ transforms to 

aij. 

S'tfS"[ava]} a >v{U'l a ] 

S'[[S"{o}VU r \} a 



^ S'\[S"[a>Sa]>sU']} a . 
Ul S'US"[aVa]} a v{U'} a ] 



B Proof of A language of invertible structures (proposition 14^2 
page© 

This proof rests on Shallow splitting of [5] whose statement we recall here.

Proposition B.l {Shallow Splitting) Let R, T, and P be structures, and a be a name, and & 
be a proof of B VQ. 

1. If 9> : h BVQ [(R < T) 'S PI, then there are S> : (Pi < P 2 ) h bvq P, and @>\ : h BVQ [R >s Pi], 
and £^2 ■ l- BVQ [T "3 P2I, for some Pi, and P 2 . 

2. If &> : h BVQ [(R ®T)>$ P], then there are S> : [Pi >s P 2 ] H BVQ P, and : h BVQ 
[R >s> Pi], and ^ 2 : H BVQ [T >8 P 2 ], for some P u and P 2 . 

3. Let & : h BVQ [R >s P] with P » [Ii v • ■ ■ >s \,„], such that i + j implies 1/ + I/, for every 
i,j e {1, . . . , ra}, and m > 0. Then, for every structure Ro, and R\, if R « [Po ^PiL 
there exists ^ : /?! h BVQ [P P]. 

4. If ^ : 1- [rPJ fl 1? P], then there are : r rj fl H BVQ P, and &>' : h BVQ [P >8 T], for some 
P. 

Now, we reason by induction on \[T *S P]\, proceeding by cases on the form of T. 

As a first case we assume $T \approx \circ$, and we cope with a base case. The assumption becomes 
$\mathcal{P} : \vdash [\circ \parr P]$ which is exactly: 

o ss o 
[o I? P] « P 
As a second case we assume T ~ \jd\ >S ■ • ■ >S a m ], and we cope with another base case. 
The assumption becomes & : h [\a\ n • ■ • n a m ] >8 P]. We conclude by Point 3 of Shallow 
Splitting (Proposition B.1) which implies {ci\ ® ■ ■ ■ ® a m ) h BVQ P. 

As a third case we assume $T \approx (R_1 \otimes R_2)$. So, the assumption is $\mathcal{P} : \vdash [(R_1 \otimes R_2) \parr P]$. 
Point 2 of Shallow Splitting (Proposition B.1) implies $\mathcal{D} : [P_1 \parr P_2] \vdash P$, and $\mathcal{P}_1 : \vdash [R_1 \parr P_1]$, 
and $\mathcal{P}_2 : \vdash [R_2 \parr P_2]$, for some $P_1, P_2$. 

Both $R_1$ and $R_2$ are invertible, and $|[R_1 \parr P_1]| < |[(R_1 \otimes R_2) \parr P]|$, and $|[R_2 \parr P_2]| < 
|[(R_1 \otimes R_2) \parr P]|$. So, the inductive hypothesis holds on $\mathcal{P}_1$, and $\mathcal{P}_2$. We get £ [ : Ri h Pi, 
and S 2 : R 2 V P 2 . We conclude by: 



(Ri ®R 2 ) 

m - - 

[Ri v R 2 ] 
[*i * ^2] 

[Pi <B P 2 ] 



As a fourth case we assume $T \approx \lceil R\rfloor_a$ such that, without loss of generality, $a \in \mathrm{bn}(\lceil R\rfloor_a)$. 
So, the assumption is $\mathcal{P} : \vdash [\lceil R\rfloor_a \parr P]$. 

Point 4 of Shallow Splitting (Proposition B.1) implies & : \T\ a h P, and £ : h [R v T], 
for some T. 

Both P invertible, and \[R >S T]\ < \[\R\ a >S P]\, imply the induction holds on B. We get 
S : RhT. 

So, we conclude that: 




\T\ a 

®\\ 
P 



C Proving point © of Process structures, trivial derivations 
and right-contexts (Proposition 18.31 pageHHI) 



The proof is by induction on the size of E, proceeding by cases on the form of 5"{ } L , which, 
by assumption, is a process structure, so it can assume only specific forms. 

• The base case is S'{ } L * <{ } < U), for some U. So, S'{o} L * <o < U) « U. Moreover, 
d E D = (b<U) implies that E is b.E' for some E' such that d £' D = U. Since we can 
prove: 



b.E' — b —> E' 



we are done because <\ F [) = (o < U) « U = (| 2?' |). 

A first remark is that we cannot have 5" { } L * } L < F) with 5'{ l 1- # { [.Otherwise 
S '{ } L would not be a process structure. 
A second remark is that U » o does not pose any problem. In such a case E is b.O, and 
we can write b.O — b —>- . 

• LetS'{ } L «;7].Theassumptions^£p = [S ' {b^ >9 U], and (\ F \j = [S'{o} L >s> t/] 

imply that E is E' \ E" , and F is F' \ E", for some E',E", and F' such that t\E' |) = 
5 '{fc} L , and (j F' [) — 5 '{o} L , and (| E" \) = U. We can prove: 



ctx 

E' | E" — F' | B" 

because the premise holds thanks to the inductive hypotheses, also assuring the desired 
constraints on I. 

• Let S'{ f ~ \S'{ Y\u- The assumptions <\E) = \S'{bf\ a , and <\F\j = \S'{oY\ a 
imply that E is E'\ a , and F is F'\ a , for some E' , and F' such that <\E' [) = S'{£>} L , and 
(|F'D = 5'{o} L . We can prove: 

F'^^F' 
p 

because the premise holds thanks to the inductive argument. Of course we choose p, 
depending on a. If a = b, then p must be Pi, and V = e. Otherwise, if a £ b, then p 
must be p e , and I' = I. 

Point (01 of this Proposition excludes any further case. 



D Proving point © of Process structures, trivial derivations 
and right-contexts (Proposition 18.31 page [TBI) 



The proof is by induction on the size of E \ F, proceeding by cases on the forms of S'{ Y, 
and S"{ } L , which, by assumption, are process structures, so they can assume only specific 
forms. 

• The base case has S'{ } L * <{ }< U'), and S"{ } L ~ <{ } < U"), for some U', and U" 
every of which may well be 0. So, S'{o) L * (o < U') ~ U', and S"{of « <o < U") ~ 
U". The assumptions t\E\) = (b < U'), and <\F\) = (b< U"), and Q E' D = <o <U') * [/', 
and (| F' |) = (o < {/"> ~ f/" imply that £ = fr.F/, and F = b.E'. We can write: 



b.E' — *->■ F' fe.F' — F' 

c 

(b.E') | (F.F') — € -+E' | F 

We remark that neither S '{ } L ~ <S'{ } L « £/') with5'{ } L * { },norS'{ } L ~ <S"{ } L < £/"> 
with5"{ Y & { }, can hold. Otherwise neither 5 '{ j 1 -, nor neither 5"'{ j 1 - could be pro- 
cess structures. 

• Let S'{ Y ~ } L, 5?t/']. So, ~ [S'{o)s!7']. The assumptions l\E\j = 

[S'{bY 'S U'l and d £" D = [5'{o} L >s> [/'] imply that £ = Gi | G 2 , and E' = G\ | G 2 such 
that (|Gi D = SW, and dG'J = 5'{o} L , and <\G 2 \) = U'. 
- Let S"{ } L * [S"{ f'sU"]. So, S"{of * [S"{o) >s U"]. The assumptions 
flF|) = [S'W L V U"], and <\F' [) = [S"{o} L >s> t/"] imply that F = //, | // 2 , and 
F' = H\ | H 2 such that (\ H v \ )= S "(bf, and f\ H\ ) = S "{of, and <\H 2 [) = U". We 
can prove: 

d I //, — g; i 

ctx 

Gi ift |h 2 — l^g; ih; 1//2 

ctx 

g, |G 2 ift |h 2 ^^g; |G 2 |//;|ff 2 

The premise holds thanks to the inductive hypothesis because both G\ \ H\ is 
smaller than G\ | G 2 | H\ \ H2. 

- LetS"{ } L * <5"{ l L «t/"> withS"{ } L ~ { }. Otherwise S"{ ) L could not be 
a process structure. So, 5"{o} L sb (o<U") ~ {/". The assumptions (|F|) = 

< U"), and (| F' D = (o < U") ~ U" imply that F = b.F'. We can prove: 

g, 1 — ^ g; I F' 

ctx 

Gi I G 2 I (b.F') — G; I G2 I F' 

The premise holds thanks to the inductive hypothesis because G\ \ (b.F') is 
smaller than G 1 | G2 | (b.F'). 

- LetS"{ } L a \S"{ } L J a , for any a. So, S"{of * rS"(°} L J fl - The assumptions 
{F} = r5'W L J a , and (|F'D = \S"{ofJ a imply that F = H\ b , and F' = H'\ b , for 
some and H' such that (| // D = S "{b}\ and <\ H' \j = S "{o} L . We can prove: 

G, I (H)\ b — ^ G\ I (H')\ b 

CtX 

G, I G 2 I (H)\b — ^ G; I G 2 I (H')\ b 

The premise holds thanks to the inductive hypothesis because G\ \ (H)\b is smaller 
than Gi I G 2 I (H)\ b . 

• LetS'{ } L a <5'{ } L « £/') with S'{ } » { }. Otherwise 5 '{ } L could not be a process 
structure. So, S'{of « (o « [/') » j[7'. The assumptions fl£|) = {b<U'), and (|F'D = 
(o < £/') » {/" imply that F = b.F'. 

- We already considered the case with S"{ } L ~ [S"{ } L "§ I/"]. It is enough to 
switch S '{ } L andS"{ } L . 

- Letting S "{ } L * (S"{ ) L <{/"), with 5 "{ }~{ }, otherwise S "{ } L could not be 
a process structure, becomes the base case, we started with. 

- Let S"{ } L « }"J fl , for any a. So, S"{of * rS"{o} L L where, thanks to 
(02), we can always be in a situation such that a is different from every element 
infn(S'{bf). The assumptions (\F\j = \S"{bfj a , and flF'^ = \S"{of\ a imply 
that F = H\ b , and F' = H'\ b , for some //, and H' such that fl#D = §"{b}\ and 
(]//'[) = S"{o} L . We can prove: 

b.E' I # — ^ £" I H' 
p 

(b.E')\ a \H\a^^E'\a\H'\ a 

where p can be any between Pi, and p e . The premise holds thanks to the inductive 
hypothesis because b.E' \ H is smaller than (b.E')\ a \ H\ a . 
LetS'f ) L * \S'{ 1 L J„ for a given a. So, S'{o} L « r5'{°}"J«- The assumptions (| £ D = 
|~S WJ«, and (|£" D = |"S W"Ja imply that £ = G| a , and E' = G'\ a , for some G, and G' 
such that t\G\)=$ '{b}\ and (| G' D = 5 '{o}-. 

- We already considered the case with S"{ j 1- ~ [§"{ } L ^ 17"]. It is enough to 
switch S '{ } L andS"{ }\ 

- We already considered the case with S"{ } L ~ (S"{ j 1- < U"). It is enough to 
switch S '{ Y andS"{ }\ 

- Let S"{ } L « r5"{ } L J C , for any c. So, S"{o} L ~ \S"{o^] c . The assumptions 
(|F|) = \S"{bf\ c , and (|F'D = \S"{of\ c imply that £ = H\ c , and F' = ff'| c , 
for some H, and //' such that (\H\ = S"(b}\ and <\H'\) = S"{o}\ We need to 
consider the following cases where (i) p can be Pi, or p e , and (ii) the premise of 
all the given derivations exists thanks to the inductive arguments we have used so 
far in this proof. 

* As a first case let $a = c$, and $a, c \neq b$. We can prove: 

G | H — c -^> G' | H' 

p 

G\ a \H\ a —^G'\ a \H'\ a 

We can proceed in the same way also when a,c = b, the derivation becoming: 

G | H — G' | H' 

p 

G\ b \H\ b —^G'\ b \H'\„ 

* As a third case let $a = b$, and $c \neq b$. We can prove: 

G{ d / b )\U\ c —^G'{ d / b }\H'\ c 

G\ b | H\ c at G{ d l b }\ d | Hl\ d G'{ d / b }\ d | H'\ c \ d a G'\ b | H'\ c 

where $d$ neither occurs in $G$, nor it occurs in $H|_c$ so that we can apply (42). 



E Proof of Soundness w.r.t. internal communication (Theorem 8.6, page 19) 



As a base case, let (| £ D * [{b < f\E\,') ^ (b < <\E )")], for some process E', and £"'. So, 
E is (b.E') \ (b.E"), and S'{ } L ~ <{ } « d £l>, and S"{ } L « ({ j < (|£"D). We can take 
Gtobe £" | £"' because [<o < (|£" j) <s (o < flf" D>] * [(]£[)' >S> d £[)"]. We can write: 



b.E' — b —> E' b.E' — b —> E' 

c 

(b.E') | (b.E") — | E" 

Let (j £ [) ~ [r^'WJc ^ r5"{^} L Jc 'S' d£""D], for some £"", and c. We remark that c is 
either different from b in both lS'{b} L } c , and rS"W~Jc, ° r it is equal to b in both of 
them. Otherwise, we could not get to the premise of atji- in , So, E is E'\ c \ E"\ c \ 
E'", where flE'D « S"{fc} L , and d£" D * S"{£} L . We can take G as G'| c | G"| c | £"", 
because (\G§ * [\S'{o)^ c v [S"{°n c v <\E"'\)l with(|G'D * S'{o}\ and(|G"D * 
^"{o} 1 -. We can write: 

£" | £" — U~ G' | G" 
E'\ C \E"\ C ^^G'\ C \G"\ C 

CtX 

£"| r I E"\c | £"" — ^G'| c | G"| c | 
where p can be p e , or pj. The premise follows from Point ((7} of Proposition |8.3l 

• Let l\E\j a r[5'W L ^S"{bf >8 <\E'"\)]\ C , for some E'", and c. So, £ is (£' | E" | 
E"')| c , where flE'D ~ 5'{/?} L , and <\E"\j * 5"{^} L . We can take G as (G' | G" \ 
E"%, because (| G D * US '(°} L * 5 "{°}^ (| E'" |)] J c , with \G'\ « S"{o} L , and (| G" [) » 
^"{o} 1 -. We can write: 

£•' | £" — G' I G" 

CtX 

£' | £" | — ^ G' | G' | 

p 

(£' | £" | E'")| c * (£' I B" I E"')\c I 0| c — ^ (G' | G" | £'")| c I 0| c * (G' | G" | E"')\c 

where p can be p e , or pj. The premise follows from Point (0 of Proposition l8.3l 

Of course, if <\E \) * [5 W « S"{£} L >s d £"" [)], for some £"", we can proceed as here 
above, dropping p. 

Assuming that (*) is the lowermost instance of at|i- of 3l excludes other cases that would 
impede getting to the premise of (*) itself in a trivial derivation like '3' has to be. 



F Proof of Soundness w.r.t. external communication (Theo- 
rem MM page 1201) 



We proceed on the possible forms that $(\!|E|\!)$ can assume, in relation with the form of $R$. 
Point (O of Proposition l8.3l will help concluding. 

First case. We focus on 3 concluding with \\E \ *S \{b < R)\ b ]. In the simplest case, Points (O, 
and © of Proposition |83] imply that either fl£[) « [\S'{bf\ b >? <\ E"% or flE|) « 
\{b <<\E" \))] b , for some E", and S'{ }\ such that b e fn(S'{Z?} L ). 

1. Let flE|) * r<M £ " [)>Jfc. So, £ is (£.E")|*,. We can take G coinciding to E", 
because \(o < (\ E" \))} b * fd E" DJi- We can prove: 



b.E" — E" 

Pi 

(b.E")\ b —^E"\ b 



2. LetflED « [[S'{b} L ] b >s> (\E"\)]. So, E is E\ \ E" where <\ £' |) « 5'{fo} L - We can 
take G as G'\ b | E" where (j G' D ~ ^ '{o} L J fc . We can prove: 

E'^^G 

Pi 

E'\ b —^G'\ b 

CtX 

E'UE"— ^-G'UE" 
Point © of Proposition 18.31 implies that the premise holds. 
In fact, the most general situations that Points (3), and (4) of Proposition 8.3 imply are: 

d£ d * tr- • • \s'{bn am ■ • * o f D] o £ d * r- • • r<& - n e \>>u„ ■ ■ ■]« 

where $a_i \neq a_j$, for every $1 \leq i, j \leq m$, and $b = a_i$, for some $1 \leq i \leq m$. We can resume to 
the situation we have just developed in detail, by rearranging the occurrences of Sdq, 
thanks to congruence (42). 

Second case. Let us assume that 3 concludes with R w {b<R'). Points (0, and © of 
Proposition [831 imply either fl £ |) * (Z> <f\ E' D>, or (| E D ~ [5 d £'[)], where 

& e fn(S'{b} L ). Both combinations are simple sub-cases of the previous ones, just 
developed in detail. 